Moin!
On 20 Mar 2020, at 8:51, Christian Huitema wrote:
> And common sense may or may not be right. For many implementations of
> Quic, encryption is not the bottleneck. You can run AES GCM at 20
> Gbps or more on a single CPU thread. The actual bottleneck is the cost
> of UDP socket operations.

That is probably more kernel (socket) vs user space (encryption) and the
needed context switches for that. If you do all things identically, not
encrypting will save you CPU cycles, so it will always be faster. Now I’m
not saying that we should not encrypt, we certainly should, and I’m
also not saying that it is impossible for a good implementation of an
encrypted protocol to be faster than a bad implementation of an
unencrypted protocol.
However regular DNS over UDP has been around so long and optimised so
heavily, that I think it is safe to say that we need more capacity
(hardware, network, etc) to achieve the same throughput/performance via
DoT or DoH.
So long
-Ralf
--
Ralf Weber
_______________________________________________
dns-privacy mailing list
https://www.ietf.org/mailman/listinfo/dns-privacy