I am mostly in agreement with Steve but I find the premise somewhat odd.

Crypto overhead is an issue for some applications but not so much at the bulk 
end as the large number of small transactions end. Think web server doing a 
thousand hits a second. Even that is manageable with crypto accelerators and 
restart and such. 

At the bulk end I would not see ssl as the ideal protocol for securing 
distribution of online movies. Why would this be surprising? Why would we expect 
one protocol to be optimal for every application?

For a start I would probably want to have a message layer encryption scheme so 
that I only need to encrypt my file once, I would probably want the crypto to 
support fast index lookup for chapter search and I would probably want DRM 
features.

The reason we use ssl for everything is because it is deployed and it is easier 
to adapt a deployed protocol than build from scratch.

I don't see the backup scenario as relevant either. Batch mode backup is a 
legacy of the tape drive era. With tape drives and tapes costing an order of 
magnitude more per gig than disk that era is over. If the backup medium is disk 
volume shadowing makes much more sense.

Given that consumer targeted backup systems offering volume shadowing are 
available for just over $500 for a 500Gb system the batch mode backup scenario 
is obsolete.

Now if only the providers of that technology had thought about how I am to 
protect my data against the house burning down...


Sent from my GoodLink Wireless Handheld (www.good.com)

 -----Original Message-----
From:   Steven M. Bellovin [mailto:[EMAIL PROTECTED]
Sent:   Thursday, November 15, 2007 05:53 AM Pacific Standard Time
To:     Joe Touch
Cc:     Leslie Daigle; Stephen Kent; [EMAIL PROTECTED]; Romascanu, Dan (Dan); 
IESG; Sam Hartman; ietf@ietf.org
Subject:        Re: [PMOL] Re: A question about [Fwd: WG Review: Performance 
Metrics at Other Layers (pmol)]

On Wed, 14 Nov 2007 22:43:01 -0800
Joe Touch <[EMAIL PROTECTED]> wrote:

> Sam Hartman wrote:
> ...
> > Yes, Steve almost certainly did slow down any heavy CPU use during
> > the time when he was doing the backup.
> > 
> > Our point--Steve, Steve and I--is that for a lot of uses and a lot
> > of users, no one cares.
> 
> Perhaps that's why everyone is using security. We don't have a
> problem then.
> 
I didn't say that; I said that performance generally isn't the issue.
Often, there's a *perception* of a performance issue, because once
there was. The bigger problem, in my opinion, is usability.  *Lots* of
people use SSL, because they don't have to do anything.  SSL as used in
https has lots of problems I won't go into here, but it is excellent
protection against passive eavesdroppers.


                --Steve Bellovin, http://www.cs.columbia.edu/~smb

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf