Re: [Cfrg] Task for the CFRG

Paul Hoffman <paul.hoffman@vpnc.org> Mon, 19 August 2013 15:45 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E6BB11E82A1 for <cfrg@ietfa.amsl.com>; Mon, 19 Aug 2013 08:45:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.339
X-Spam-Level:
X-Spam-Status: No, score=-102.339 tagged_above=-999 required=5 tests=[AWL=0.260, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zl7wWQleYOHt for <cfrg@ietfa.amsl.com>; Mon, 19 Aug 2013 08:45:34 -0700 (PDT)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) by ietfa.amsl.com (Postfix) with ESMTP id 9B32F11E8295 for <cfrg@irtf.org>; Mon, 19 Aug 2013 08:45:34 -0700 (PDT)
Received: from [10.20.30.90] (50-1-98-185.dsl.dynamic.sonic.net [50.1.98.185]) (authenticated bits=0) by hoffman.proper.com (8.14.7/8.14.5) with ESMTP id r7JFjVBr045278 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Mon, 19 Aug 2013 08:45:32 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host 50-1-98-185.dsl.dynamic.sonic.net [50.1.98.185] claimed to be [10.20.30.90]
Content-Type: text/plain; charset=iso-8859-1
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <CAG5KPzwYVRQ2DPVjgRHQKwRSjt=RsdOXZQhPPaq_nF80mDJ1gA@mail.gmail.com>
Date: Mon, 19 Aug 2013 08:45:33 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <D754F9A8-AD74-4E9B-8E9E-3E65C7A90CE6@vpnc.org>
References: <3C4AAD4B5304AB44A6BA85173B4675CAB247161D@MSMR-GH1-UEA03.corp.nsa.gov> <CAG5KPzwYVRQ2DPVjgRHQKwRSjt=RsdOXZQhPPaq_nF80mDJ1gA@mail.gmail.com>
To: Ben Laurie <ben@links.org>
X-Mailer: Apple Mail (2.1508)
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Task for the CFRG
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Aug 2013 15:45:35 -0000

On Aug 19, 2013, at 4:27 AM, Ben Laurie <ben@links.org>; wrote:

> On 8 August 2013 15:45, Igoe, Kevin M. <kmigoe@nsa.gov>; wrote:
> Off the top of my head, the only objection I can see is that SALSA may be difficult to
> implement efficiently in hardware.  Hardware TLS acceleration can be useful at heavily
> utilized servers.
> 
> This is a myth that should stop being repeated.
>  
> The only use of hardware acceleration is for attackers.

And this is an overgeneralization that should stop being repeated.

Hardware acceleration is used in firewalls because SSL decryption is often the biggest performance hit.  (You might consider these to be an attack, but none of the companies that purchase them do.)

--Paul Hoffman