Hello,

I work on NIC hardware acceleration for NVIDIA, and we are looking into
QUIC and DTLS1.3 acceleration. QUIC and DTLS employ packet number
encryption (PNE) which increases security. At the same time, PNE
significantly encumbers hardware acceleration as I’ll explain next.

For hardware to encrypt the packet numbers, there are two options:

   1. Feed the header back into the encryption machine after data has been
      encrypted. This means storing and forwarding data, higher implementation
      complexity, and greater bandwidth requirements on the single encryption
      machine.
   2. Add an additional unique pipeline stage dedicated for header
      encryption.

As you may already know, this is not hardware friendly, and for this reason
many vendors will likely refuse to pay the cost of supporting this. But
suppose a vendor does implement this feature; one problem still remains.
PNE will still cause noticeable latency and performance degradation for
high-speed networks (think >400Gbps).

Now, in certain use-cases, such as high performance computing, cloud
computing, or data-center clusters—the security benefits of encrypting
headers are marginal compared to the latency imposed by PNE. Would it be
possible to consider letting these users negotiate to disable PNE and by
doing so benefit (more) from encryption acceleration?

Best regards,

Boris
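To make the data dependency behind option 1 concrete, here is an added example (not code from the post or from any NVIDIA product) of QUIC short-header packet protection as specified in RFC 9001 §5.4, written in Go using only the standard library: the 5-byte mask is AES-ECB of a 16-byte sample of the packet's own AEAD ciphertext taken 4 bytes past the packet number, so the header cannot be finalised until the payload has been encrypted. The hp key and packet bytes are constructed for illustration.

```go
package main

import "crypto/aes"
import "errors"

// headerMask implements the QUIC header-protection mask (RFC 9001 §5.4):
// AES-ECB(hp_key, sample), where sample is 16 bytes of the packet's own AEAD ciphertext.
// QUIC uses mask[0] for the first header byte and mask[1..4] for the packet number.
func headerMask(hpKey, sample []byte) ([]byte, error) {
	if len(sample) != 16 {
		return nil, errors.New("sample must be exactly 16 bytes")
	}
	block, err := aes.NewCipher(hpKey)
	if err != nil {
		return nil, err
	}
	mask := make([]byte, aes.BlockSize)
	block.Encrypt(mask, sample) // a single AES block, i.e. ECB mode
	return mask, nil
}

// applyHeaderProtection masks (protect=true) or unmasks, in place, the first byte and
// packet number of a short-header packet; pnOffset is 1 + len(DCID).
func applyHeaderProtection(hpKey, pkt []byte, pnOffset int, protect bool) error {
	sampleOff := pnOffset + 4 // sample lies in the already encrypted payload
	if sampleOff+16 > len(pkt) {
		return errors.New("packet too short to take a header-protection sample")
	}
	mask, err := headerMask(hpKey, pkt[sampleOff:sampleOff+16])
	if err != nil {
		return err
	}
	pnLen := int(pkt[0]&0x03) + 1 // protecting: length bits are still in the clear
	pkt[0] ^= mask[0] & 0x1f       // short header: only the low 5 bits are masked
	if !protect {
		pnLen = int(pkt[0]&0x03) + 1 // unprotecting: read the length after unmasking
	}
	for i := 0; i < pnLen; i++ {
		pkt[pnOffset+i] ^= mask[1+i]
	}
	return nil
}

// constructedPacket returns constructed test data (not a real capture) plus pnOffset:
// 0x41 (fixed bit, 2-byte packet number), 8-byte DCID, packet number 0x002a, 20 bytes of "ciphertext".
func constructedPacket() ([]byte, int) {
	return []byte{0x41, 0xc0, 0xff, 0xee, 0x01, 0x02, 0x03, 0x04, 0x05, 0x00, 0x2a,
		0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9,
		0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3}, 9
}
```

Calling applyHeaderProtection twice with the same key restores the original bytes, and changing any byte inside the 16-byte sample changes the mask, which is exactly why a NIC pipeline must see the encrypted payload before it can emit the header.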
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls