On Sep 30, 2010, at 11:41 18AM, Thor Lancelot Simon wrote:
> On Wed, Sep 29, 2010 at 09:22:38PM -0700, Chris Palmer wrote:
>> Thor Lancelot Simon writes:
>>
>>> a significant net loss of security, since the huge increase in computation
>>> required will delay or prevent the deployment of "SSL everywhere".
>>
>> That would only happen if we (as security experts) allowed web developers to
>> believe that the speed of RSA is the limiting factor for web application
>> performance.
>
> At 1024 bits, it is not. But you are looking at a factor of *9* increase
> in computational cost when you go immediately to 2048 bits. At that point,
> the bottleneck for many applications shifts, particularly those which are
> served by offload engines specifically to move the bottleneck so it's not
> RSA in the first place.
>
> Also, consider devices such as deep-inspection firewalls or application
> traffic managers which must by their nature offload SSL processing in
> order to inspect and possibly modify data before application servers see
> it. The inspection or modification function often does not parallelize
> nearly as well as the web application logic itself, and so it is often
> not practical to handle it in a distributed way and "just add more CPU".
>
> At present, these devices use the highest performance modular-math ASICs
> available and can just about keep up with current web applications'
> transaction rates. Make the modular math an order of magnitude slower
> and suddenly you will find you can't put these devices in front of some
> applications at all.
>
> This too will hinder the deployment of "SSL everywhere", and handwaving
> about how for some particular application, the bottleneck won't be at
> the front-end server even if it is an order of magnitude slower for it
> to do the RSA operation itself will not make that problem go away.
>
While I'm not convinced you're correct, I think that many posters here
underestimate the total cost of SSL. A friend of mine -- a very competent
friend -- was working on a design for a somewhat sensitive website. He
really wanted to use SSL -- but the *system* would have cost at least 12x
as much. There were many issues, but one of them is that the average dwell
time on a web site is very few pages, which means that you have to amortize
the cost of the SSL negotiation over very little actual activity.
>
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
