RE: Security Use Requirements

> In any event. the need is for security is at least 3DES.

First you said that you didn't need anything. Now you seem to imply that you need confidentiality, integrity, and authentication and that even 3DES may not be enough. There are gradations between these two extremes. As Ran said, even DES will get you something. And there are circumstances where you might be willing to live with integrity and authentication alone.

>Also the cost of a Gigabit chip for 3DES, I just found out,
>is $300 for Samples.

Well, the cost of a Gigabit NIC is pretty high today in quantity one, but I don't expect that to be the case in 18-24 months. You need to factor in time and volume into your calculation.

>Now, I am beginning to think that it is reasonable for one
>of the following approaches to be OK. That is, one of those
>approaches should meet the requirement for "Must Implement".
>1. Only implementing an interface to the external IPSec/TLS box
>2. SW implementation of IPSec/TLS
>3. HW IPSec/TLS

Problem with approach 1 is that the total cost will be *much* higher than it would be if you build capability on the NIC.

Problem with SW implementation of TLS is that you won't be able to go much above 200 Mbps if that, even with a 1 GHz processor. IPSEC 3DES in SW is much worse. Trust me, a task oriented crypto co-processor is the way to go in this application.

In my opinion, HW IPSEC is the best choice. I expect costs for 1 Gbps chips to approximate current costs for 100 Mbps in the next 18-24 months.

HW TLS is a lot harder because you typically have to terminate TCP sessions on the card. That means lots of memory, which is what we've been trying to avoid with RDMA. So cost will be a good deal higher and the approach won't readily be extensible to 10 Gbps. Don't go there.

Last updated: Tue Sep 04 01:05:33 2001