W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: HTTP/2 and Pervasive Monitoring

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Sun, 17 Aug 2014 07:31:54 +0000
To: Eliot Lear <lear@cisco.com>
cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <14191.1408260714@critter.freebsd.dk>
--------
In message <53F0496A.9040307@cisco.com>, Eliot Lear writes:

>> By by whitening the present HTTP plaintext traffic with TLS, even with
>> quite weak cipher-suites, we dramatically increase the cost of the
>> postanalysis step, instantly making that filter impossible.
>
>This presumes that the use of weak cipher suites is actually cheaper to
>the end points than strong ones.  Is that really the case?

I think it is an implict requirement that a COTS server can do 10Gbit/s.

Any algorithm which meets that in software is fine by me from a
performance point of view.

Notice that the breaking is most likely going to happen against a
short-ish key (32-40 bits) rather than against the algorithm.


-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Sunday, 17 August 2014 07:32:19 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC