Re: The TCP and UDP checksum algorithm may soon need updating

Nick Hilliard <nick@foobar.org> Mon, 08 June 2020 10:29 UTC

To: Carsten Bormann <cabo@tzi.org>
Cc: "ietf@ietf.org" <ietf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/5tzEIpN72-Zt9a6G_ZBG3B2oNRQ>

Carsten Bormann wrote on 08/06/2020 10:54:
> Security protocols used right would have protected us from this and
> would have made the bit errors a performance statistic…)
Not at the time, no.  There was no CPU support for common crypto 
operations then, so enabling transport layer security would have trashed 
performance to the point that the server would have been unusable.  Even 
years later, you couldn't feasibly enable SSL on servers without 
offloading to hardware assistance cards.

We've really forgotten how computationally expensive cryptography is, 
now that it's been swept under the carpet by increasingly advanced 
hardware support.  E.g. even consumer grade CPUs have had dedicated 
native AES encryption support for the last 10 years.

But now that it's here, it's compelling to use pervasively.

Nick