RE: [Isms] TLS / SSH scalability concerns

"McDonald, Ira" <imcdonald@sharplabs.com> Fri, 13 May 2005 16:45 UTC

Message-ID: <CFEE79A465B35C4385389BA5866BEDF00C7BBA@mailsrvnt02.enet.sharplabs.com>
From: "McDonald, Ira" <imcdonald@sharplabs.com>
To: 'Eliot Lear' <lear@cisco.com>, "Blumenthal, Uri" <uri.blumenthal@intel.com>
Subject: RE: [Isms] TLS / SSH scalability concerns
Date: Fri, 13 May 2005 09:44:45 -0700
Cc: isms@ietf.org

Hi,

With regard to SIP using DTLS, folks may want to read
<draft-jennings-sip-dtls-00.txt> (February 2005).

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Blue Roof Music / High North Inc
PO Box 221  Grand Marais, MI  49839
phone: +1-906-494-2434
email: imcdonald@sharplabs.com

> -----Original Message-----
> From: isms-bounces@lists.ietf.org [mailto:isms-bounces@lists.ietf.org] On Behalf Of Eliot Lear
> Sent: Friday, May 13, 2005 12:39 PM
> To: Blumenthal, Uri
> Cc: isms@ietf.org
> Subject: Re: [Isms] TLS / SSH scalability concerns
> 
> 
> I think there might be some truth on both sides of this issue.  For
> instance, maintaining established sessions goes to Juergen's point that
> you need to keep getting the biggest baddest largest server to manage
> "All of This".  On the other hand, if you're not taking authentication
> steps on each packet there's something to be gained, I'm sure.
> 
> I think it's safe to say that people know how to deal with both.  And I
> actually think a whole lot of people know a whole lot more about TLS.
> That has certain benefits.  I would imagine the same thing will be able
> to be said about DTLS, assuming a major app picks it up.  SIP?
> Something else?
> 
> Eliot
> 
> Blumenthal, Uri wrote:
> >>FYI (in case you do not already know):
> >>
> >>http://www.umiacs.umd.edu/docs/Du.ppt
> >>
> >>They concluded that SNMP/TLS was more efficient than USM. 
> > 
> > 
> > And I have a very nice bridge for sale in the vicinity of NYC. :-)
> > 
> > 
> >>Anyway, these results need to be taken w/ a grain of salt as
> >>there are many factors (e.g. # msgs per session) that may
> >>affect the results.
> > 
> > 
> > The facts are:
> >   - SNMP spends extra cycles on ASN.1 security wrapping/unwrapping;
> >   - TLS spends extra cycles on TCP overhead;
> >   - TLS has large session establishment overhead;
> >   - DES/AES and MD5/SHA1 are done by both, and the cost is similar.
> > 
> > Therefore, the more messages are sent within one long session - the
> > greater the chance of amortizing the session establishment cost and
> > coming out even (seems rather obvious). As for the TLS solution
> > turning out *more* efficient - forgive me for not entirely trusting
> > those results (assuming an apples-to-apples comparison, i.e. using
> > SNMPv3 in both cases).
> > 
> > _______________________________________________
> > Isms mailing list
> > Isms@lists.ietf.org
> > https://www1.ietf.org/mailman/listinfo/isms