SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: Security Use Requirements



    At 04:37 07/02/01, John Hufferd wrote:
    
    >  In any event. the need is for security is at least 3DES.
    
            It is illogical to argue that having NO SECURITY is
    better than having DES-CBC.  Since you appear to be doing
    precisely this, I must be confused by your words and not
    following you clearly.  Can you kindly clarify ?
    
    >Also the cost of a Gigabit chip for 3DES, I just found out, 
    >is $300 for Samples.  
    
            That's not what I'm seeing, but in any event, 
    I think the discussion of hardware is not terribly on point.
    
    >Now, I am beginning to think that it is reasonable for one 
    >of the following approaches to be OK. That is, one of those 
    >approaches should meet the requirement for "Must Implement".
    >1. Only implementing an interface to the external IPSec/TLS box
    >2, SW implementation of IPSec/TLS
    >3. HW IPSec/TLS
    
            (1) is a non-starter because it means no security will
            be widely available to users/operators, IMHO.
    
            IETF would never say whether a particular implementation 
    had to be done in hardware or software; that is obviously an 
    implementation detail and product differentiator.  So from an 
    IETF perspective (2) and (3) are identical and boil down to 
    putting "must implement security" into the specifications 
    (for whichever security the WG converges on).
    
    Ran
    rja@inet.org
    
    


Home

Last updated: Tue Sep 04 01:05:34 2001
6315 messages in chronological order