On Mon, May 14, 2012 at 10:27 AM, Brian Dickson <[email protected]> wrote: > We can't do the crypto without HW on some of the routers involved in > deployment of bgpsec. > > I've heard just about everyone say that, quite possibly including yourself.
I don't think I've said that recently, one of the items brought out during discussions of this was that often the hardware accelerators for this are optimised for 'use one key a lot', not for 'swap in a new key for every operation' (the key swap is very costly). Sriram has some numbers for different co-processors which are interesting, but I don't think that means we need on-board crypto accelerators. > One of the reasons for questioning the choice of crypto, is exploring the > feasibility of solutions which do not require on-router HW for doing > signing. sure, but you also invented a whole other (seemingly complex) system to keep track of data (nonces and such) across multiple trust/administrative domains. it seems unwieldy, to me at least. One of the larger stumbling blocks though is ram for RIB storage. (or that seems to be one of the larger problems to address) -chris > > Brian > > > On Fri, May 11, 2012 at 9:23 PM, Christopher Morrow > <[email protected]> wrote: >> >> On Fri, May 11, 2012 at 5:27 PM, Brian Dickson >> <[email protected]> wrote: >> > The argument that "we can't do the crypto without HW" >> >> i didn't see anyone say that though. > > _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
