[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: HIP and PKI reqs [RE: Identifier/locator recap]



On Mon, 17 Mar 2003, Michael Richardson wrote:

>     Pekka> However, my complaint with HIP model is that it seems so closely
>     Pekka> tied to ESP and security.

>   Why is this a problem for you?

I can't speak for anyone else, but there are many times I have no need
to obfuscate my communications. In those cases, why should I suffer the
bandwidth, CPU and management overhead of IPsec? (In IPv6 everything
will configure pretty much automatically but doing IPsec of course fully
negates (and more) this advantage.)

>   I think that we very much need better security. This is end-to-end
> security. P4s don't even notice doing 3DES (let alone AES), and TPCA may
> put hardware accelerators on every motherboard.

This is hardly true: 3DES maxes out at around 200 Mbps if we are to
believe http://www.mediacrypt.com/engl/Downloads/IDEA_Perf_Overall.pdf

In high speed networking, every copy cycle hurts. So how can encryption
be "free"? Also, even if I have a P4 at my disposal (which I don't) I
could very well need the CPU time for something else. And on mobile
devices, this eats up battery power unnecessarily.

There is often a need for crypto. However, there is also often a need to
_not_ have crypto.