[3584] in cryptography@c2.net mail archive
Re: dbts: Lions and TEMPESTs and Black Helicopters (Oh, My!)
daemon@ATHENA.MIT.EDU (EKR)
Tue Nov 3 12:52:01 1998
To: cryptography@c2.net
From: EKR <ekr@rtfm.com>
Date: 03 Nov 1998 09:28:43 -0800
In-Reply-To: Robert Hettinga's message of "Mon, 2 Nov 1998 17:21:17 -0500"

I've trimmed the cc: line to cryptography@c2.net since that seems
to me to be the appropriate list for this.

Robert Hettinga <rah@shipwright.com> writes:
> In addition, every time you do a book-entry transaction, you're perforce
> (heh...) using an encrypted link with at least SSL, and, at some point, people
> will demand much cheaper and faster internet-level encryption ala IPSEC to
> move their money (and their other bits worth money) around.

Uh... IPSEC _isn't_ faster or cheaper than SSL.

It's almost certainly slower, actually. The initial ISAKMP setup
takes something on the order of 3 private key operations on either
side (1 to set up the ISAKMP SA, 1 to authenticate the parties,
and 1 to compute the traffic keys). The SSL setup takes 1 private
key operation for the server and 1 public key operation for the client.
(Excluding certificate chain processing in both cases).

Similarly, I don't see why IPSEC would be cheaper. After all,
there is at least one good free SSL implementation.

This isn't to say that IPSEC doesn't have technical advantages,
but I don't believe faster or cheaper are among them.

-Ekr
--
[Eric Rescorla ekr@rtfm.com]