Date: Mon, 26 Jun 1995 20:42:18 +0400 (MSD) From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= aka "Andrey A. Chernov, Black Mage" <ache@astral.msk.su> To: Garrett Wollman <wollman@halloran-eldar.lcs.mit.edu> Cc: current@freebsd.org, Mark Murray <mark@grondar.za> Subject: Re: Crypt code summary(2). Message-ID: <tTgDkxliK5@astral.msk.su> In-Reply-To: <9506261512.AA18349@halloran-eldar.lcs.mit.edu>; from Garrett Wollman at Mon, 26 Jun 1995 11:12:05 -0400 References: <199506252003.WAA08724@grumble.grondar.za> <9506252018.AA17301@halloran-eldar.lcs.mit.edu> <sTwpTxlmJ1@astral.msk.su> <9506261512.AA18349@halloran-eldar.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <9506261512.AA18349@halloran-eldar.lcs.mit.edu> Garrett
Wollman writes:
><<On Mon, 26 Jun 1995 02:02:34 +0400 (MSD), =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= aka "Andrey A. Chernov, Black Mage" <ache@astral.msk.su> said:
>> Internet Auth. require MD5 which implementation in software
>> slow down IP approx. in two times,
>This is Not A Problem.
> 1) It is always possible to use other digital signature
> techniques.
> 2) It's OK if it's slow; it's still faster than an Ethernet,
> which makes it fast enough for the needs of most users.
Here some quote, more detailed report will be into RFC1810:
MD5 is an authentication algorithm, which has been proposed as the
default authentication option in IPv6. When enabled, the MD5
algorithm operates over the entire data packet, including header.
This RFC addresses how fast MD5 can be implemented in software and
hardware, and whether it supports currently available IP bandwidth.
MD5 can be implemented in existing hardware technology at 256 Mbps,
and in software at 87 Mbps. These rates cannot support current IP
rates, e.g., 100 Mbps TCP and 130 Mbps UDP over ATM. If MD5 cannot
support existing network bandwidth using existing technology, it will
not scale as network speeds increase in the future. This RFC is
intended to alert the IP community about the performance limitations
of MD5, and to suggest that alternatives be considered for use in high
speed IP implementations.
>> SSL is speed winner here.
>And it's also proprietary. And it requires technology which it would
>be illegal for Walnut Creek to sell even within the US without getting
>a license from PKP.
1) SSLref SSL implementation (Netscape)
uses RSAREF, you don't need PKP license for it.
2) SSLay SSL implementation (from E.Y.)
uses its own RSA routines, not know about license here.
3) Outside USA exists RSAEURO, which is compatible
with RSAREF and made in Europe.
I.e. after some shuffling, it will be legal to distribute different
SSL kits in USA and Outside both.
--
Andrey A. Chernov : And I rest so composedly, /Now, in my bed,
ache@astral.msk.su : That any beholder /Might fancy me dead -
FidoNet: 2:5020/230.3 : Might start at beholding me, /Thinking me dead.
RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?tTgDkxliK5>