
Re: Suggestion for SOI wrt PFS



In message <Pine.LNX.4.33.0203311458560.21949-100000@xxxxxxxxxxxxxxxxxxxx>, Jan Vilhuber writes:
 >
 >But you STILL need to redo the rsa sigs. Just caching the certificate
 >validation buys you having to redo all that, but having to redo the
 >rsa is costly anyway.
 >
 >And please don't say "but rsa operations are cheap" because they
 >aren't..

RSA operations are cheap. They're not cheap enough to do 1000 tunnel setups
per second (without hardware support), but you can easily sustain a couple
of hundred, even on a moderate box. And I've seen no argument (let alone a
convincing one) why you'd need massive amounts of tunnels/sec (your IPsec
gateway likely won't be able to handle traffic for them anyway).
-Angelos