
    RE: Security Gateways



    > In other words if you want to buy a device it
    > would not implement security, but there is an option pack that I will sell
    > you at cost to implement the additional security protocols.
    
    Time has shown that if security is "mandatory to implement" then security
    will be widely available, otherwise it will be an (expensive) option. At this
    point, given the advent of highly efficient MACs such as UMAC,
    cryptographic integrity protection is little more expensive than the CRC
    that is already in iSCSI. Therefore there is no valid justification for
    omitting at least this level of security functionality.
    
    Encryption is another story -- but my understanding is that this is
    optional. 
    
    > What I am getting at is cryptography is expensive, especially at multi
    > gigabit speeds.  
    
    Integrity protection via new MACs such as UMAC is *not* expensive. This is
    a myth. See http://www.cs.ucdavis.edu/~rogaway/umac/perf00.html 
    
    > I would not want to require products to incur this cost
    > if the feature wasn't determined to be useful by the end customer who has
    > the wallet.  
    
    If the "customer" thinks that CRC-32 is useful, then why not give them a
    cryptographic integrity check at minimal additional cost? Not only will
    this give them security, but it can also dramatically decrease the
    probability of data invalidation. 
    
    > I also want to be careful about products that are multi
    > gigabit products, but to be "standards compliant" include a software
    > encryption module that runs at 12 Mbit/Sec and is completely useless. 
    
    Since encryption is not required, only integrity protection, and
    algorithms are available that can run at the required linerate, this
    argument doesn't hold up.
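
The difference the message draws between the CRC and a cryptographic integrity check, shown as an added example that is not part of the original message. HMAC-SHA256 from the Python standard library stands in for UMAC, so it says nothing about UMAC's speed; the key, data block, tag length and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct
import zlib

TAG_LEN = 16  # truncated tag length, an assumption of this sketch


def crc_protect(payload: bytes) -> bytes:
    """Append an unkeyed CRC-32, the kind of check the message compares against."""
    return payload + struct.pack(">I", zlib.crc32(payload))


def crc_verify(frame: bytes) -> bool:
    return struct.pack(">I", zlib.crc32(frame[:-4])) == frame[-4:]


def mac_protect(key: bytes, payload: bytes) -> bytes:
    """Append a keyed tag (HMAC-SHA256 here, standing in for UMAC)."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]


def mac_verify(key: bytes, frame: bytes) -> bool:
    expected = hmac.new(key, frame[:-TAG_LEN], hashlib.sha256).digest()[:TAG_LEN]
    return hmac.compare_digest(expected, frame[-TAG_LEN:])


def line_noise(frame: bytes) -> bytes:
    """Accidental corruption: one payload bit flips, trailer untouched."""
    return bytes([frame[0] ^ 0x01]) + frame[1:]


def keyless_rewrite(frame: bytes, trailer_len: int) -> bytes:
    """Deliberate change by a party without the key: the CRC can be
    regenerated from the data alone, the MAC tag can only be carried over."""
    payload = bytes([frame[0] ^ 0x01]) + frame[1:-trailer_len]
    return crc_protect(payload) if trailer_len == 4 else payload + frame[-trailer_len:]


def compare() -> dict:
    key = bytes(range(32))                                 # constructed key
    block = b"constructed data block".ljust(512, b"\x00")  # constructed payload
    c, m = crc_protect(block), mac_protect(key, block)
    return {
        "crc_clean": crc_verify(c), "mac_clean": mac_verify(key, m),
        "crc_noise": crc_verify(line_noise(c)), "mac_noise": mac_verify(key, line_noise(m)),
        "crc_rewrite": crc_verify(keyless_rewrite(c, 4)),
        "mac_rewrite": mac_verify(key, keyless_rewrite(m, TAG_LEN)),
    }
```

Calling `compare()` shows both checks rejecting the accidental bit flip, while only the keyed tag rejects the frame whose data was changed and whose CRC was regenerated.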
    
    
    


Last updated: Tue Sep 04 01:04:06 2001