|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Security Use RequirementsAt 04:37 07/02/01, John Hufferd wrote: > In any event. the need is for security is at least 3DES. It is illogical to argue that having NO SECURITY is better than having DES-CBC. Since you appear to be doing precisely this, I must be confused by your words and not following you clearly. Can you kindly clarify ? >Also the cost of a Gigabit chip for 3DES, I just found out, >is $300 for Samples. That's not what I'm seeing, but in any event, I think the discussion of hardware is not terribly on point. >Now, I am beginning to think that it is reasonable for one >of the following approaches to be OK. That is, one of those >approaches should meet the requirement for "Must Implement". >1. Only implementing an interface to the external IPSec/TLS box >2, SW implementation of IPSec/TLS >3. HW IPSec/TLS (1) is a non-starter because it means no security will be widely available to users/operators, IMHO. IETF would never say whether a particular implementation had to be done in hardware or software; that is obviously an implementation detail and product differentiator. So from an IETF perspective (2) and (3) are identical and boil down to putting "must implement security" into the specifications (for whichever security the WG converges on). Ran rja@inet.org
Home Last updated: Tue Sep 04 01:05:34 2001 6315 messages in chronological order |