IETF Logo Mail Archive

Re: [TLS] I-D Action:draft-ietf-tls-rfc4366-bis-09.txt

Nikos Mavrogiannopoulos <nmav@gnutls.org> Tue, 15 June 2010 07:52 UTC

Return-Path: <n.mavrogiannopoulos@gmail.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D5AFC3A684C for <tls@core3.amsl.com>; Tue, 15 Jun 2010 00:52:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.83
X-Spam-Level:
X-Spam-Status: No, score=0.83 tagged_above=-999 required=5 tests=[AWL=0.093, BAYES_40=-0.185, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qoQtkXJehi0k for <tls@core3.amsl.com>; Tue, 15 Jun 2010 00:52:16 -0700 (PDT)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by core3.amsl.com (Postfix) with ESMTP id C08AF3A67E3 for <tls@ietf.org>; Tue, 15 Jun 2010 00:52:15 -0700 (PDT)
Received: by wya21 with SMTP id 21so850534wya.31 for <tls@ietf.org>; Tue, 15 Jun 2010 00:52:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:sender:received :in-reply-to:references:date:x-google-sender-auth:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=F+B7hPHTHcIHu9k3H37FhyOwnzoqdavCqYmau1P1xkg=; b=Np3xE7XuDZkrAumM4sMyNQjeBP+4jrksxGV4KYbkjLJgIAqg6jYOmA9d598cChX8mm Daz9zVj8SLjkay2VazbSFSytv7Gmu0p8O23wxur6zeYz13zt0KkFa9asonAbLuNPr5TZ Q/ui86KPdq5DN4WMlIb6SWI8rdRSY7A2Y4Gb4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=Lw7GbUhMgKr0SisyNooXa5kcdr7GpGhvukrmS79gkLRVvmUtDAq0NBChsTr3nbS6u/ 1Ir2cDFL+Ah0snRC92h+HJBajlBAqRn82UEI27Vy+1G0bdqx1ojlzp2t0vpISgljVKNe 7DLq4yb9XN1txyNoGcZrBAqDEatMN0gg3Ppxg=
MIME-Version: 1.0
Received: by 10.216.185.74 with SMTP id t52mr3060227wem.54.1276588336234; Tue, 15 Jun 2010 00:52:16 -0700 (PDT)
Sender: n.mavrogiannopoulos@gmail.com
Received: by 10.216.160.147 with HTTP; Tue, 15 Jun 2010 00:52:16 -0700 (PDT)
In-Reply-To: <4C15E704.3050805@iki.fi>
References: <E1ONiI8-0001C6-Ln@wintermute02.cs.auckland.ac.nz> <4C149556.7040008@gnutls.org> <03826B11-ABC0-4F5B-A636-A07DECDF428C@iki.fi> <AANLkTimYxYX8KqZ09bC-aglGU6D6W3JGH4gSlpmP4QCG@mail.gmail.com> <4C15E704.3050805@iki.fi>
Date: Tue, 15 Jun 2010 09:52:16 +0200
X-Google-Sender-Auth: JTerr19cE98zoV9-wtcnIgAO_fo
Message-ID: <AANLkTimCqoUuL4_bOwKqg1OVNyfICpoOnozCf2Haadjh@mail.gmail.com>
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
To: Juho Vähä-Herttua <juhovh@iki.fi>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: tls@ietf.org
Subject: Re: [TLS] I-D Action:draft-ietf-tls-rfc4366-bis-09.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jun 2010 07:52:17 -0000

On Mon, Jun 14, 2010 at 10:23 AM, Juho Vähä-Herttua <juhovh@iki.fi> wrote:

>> The save is not on data sent but on processing speed. Decryption and
>> encryption today is done in hardware (several embedded systems have a
>> crypto coprocessor) so the bottleneck is on processing those
>> fragments. The larger they are the less they are processed, the higher
>> the bandwidth. (check what happens to ATM today with the fixed 53 byte
>> payload, everybody tries to do reassembly in hardware otherwise the
>> performance is poor. 16kb is not 53 bytes but it's close :)
>>
>
> I don't deny this, larger chunks of data are always easier to process,
> especially if the process can be done in parallel. One of the biggest
> bottlenecks in TLS decryption performance I can see, is the stream and CBC
> block ciphers requiring decryption before the MAC calculation can be
> initiated. Therefore, if the decryption and encryption performance is really
> important, I'd rather concentrate on getting the AES-GCM and AES-CCM ciphers
> into wider use in TLS.

This is orthogonal to what I proposed. What I say provides advantage
irrespective to the ciphersuite used. And in reality the faster the
ciphersuite is, the more the need for larger payloads, that is because
the bottleneck now becomes processing and not encryption.

regards,
Nikos

v2.23.0 | Report a Bug | By Email