|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Security Gateways> In otherwords if you want to buy a device it > would not implement security, but there is an option pack that I will sell > you at cost to implement the additional security protocols. Time has shown that if security is "mandatory to implement" then security will be widely available, otherwise it will be (expensive) option. At this point, given the advent of highly efficient MACs such as UMAC, cryptographic integrity protection is little more expensive than the CRC that is already in iSCSI. Therefore there is no valid justification for ommitting at least this level of security functionality. Encryption is another story -- but my understanding is that this is optional. > What I am getting at is cryptography is expensive, especially at multi > gigabit speeds. Integrity protection via new MACs such as UMAC is *not* expensive. This is a myth. See http://www.cs.ucdavis.edu/~rogaway/umac/perf00.html > I would not want to require products to incur this cost > if the feature wasn't determined to be useful by the end customer who has > the wallet. If the "customer" thinks that CRC-32 is useful, then why not give them a cryptographic integrity check at minimal additional cost? Not only will this give them security, but it can also dramatically decrease the probability of data invalidation. > I also want to be careful about products that are multi > gigabit products, but to be "standards compliant" include a software > encryption module that runs at 12 Mbit/Sec and is completely useless. Since encryption is not required, only integrity protection, and algorithms are available that can run at the required linerate, this argument doesn't up.
Home Last updated: Tue Sep 04 01:04:06 2001 6315 messages in chronological order |