From owner-freebsd-current Mon Jun 26 10:05:36 1995
Return-Path: current-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id KAA22602 for current-outgoing; Mon, 26 Jun 1995 10:05:36 -0700
Received: from sequent.kiae.su (sequent.kiae.su [144.206.136.6]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id KAA22592 for ; Mon, 26 Jun 1995 10:05:30 -0700
Received: by sequent.kiae.su id AA18274 (5.65.kiae-2 ); Mon, 26 Jun 1995 20:51:38 +0400
Received: by sequent.KIAE.su (UUMAIL/2.0); Mon, 26 Jun 95 20:51:36 +0400
Received: (from ache@localhost) by astral.msk.su (8.6.8/8.6.6) id UAA01383; Mon, 26 Jun 1995 20:42:19 +0400
To: Garrett Wollman
Cc: current@freebsd.org, Mark Murray
References: <199506252003.WAA08724@grumble.grondar.za> <9506252018.AA17301@halloran-eldar.lcs.mit.edu> <9506261512.AA18349@halloran-eldar.lcs.mit.edu>
In-Reply-To: <9506261512.AA18349@halloran-eldar.lcs.mit.edu>; from Garrett Wollman at Mon, 26 Jun 1995 11:12:05 -0400
Message-Id:
Organization: Olahm Ha-Yetzirah
Date: Mon, 26 Jun 1995 20:42:18 +0400 (MSD)
X-Mailer: Mail/@ [v2.38 FreeBSD]
From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= aka "Andrey A. Chernov, Black Mage"
X-Class: Fast
Subject: Re: Crypt code summary(2).
Lines: 53
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Length: 2331
Sender: current-owner@freebsd.org
Precedence: bulk

In message <9506261512.AA18349@halloran-eldar.lcs.mit.edu> Garrett Wollman
writes:

>< said:

>> Internet Auth. require MD5 which implementation in software
>> slow down IP approx. in two times,

>This is Not A Problem.

> 1) It is always possible to use other digital signature
> techniques.

> 2) It's OK if it's slow; it's still faster than an Ethernet,
> which makes it fast enough for the needs of most users.

Here is a quote; a more detailed report will be in RFC1810:

   MD5 is an authentication algorithm, which has been proposed as the
   default authentication option in IPv6. When enabled, the MD5
   algorithm operates over the entire data packet, including header.
   This RFC addresses how fast MD5 can be implemented in software and
   hardware, and whether it supports currently available IP bandwidth.
   MD5 can be implemented in existing hardware technology at 256 Mbps,
   and in software at 87 Mbps. These rates cannot support current IP
   rates, e.g., 100 Mbps TCP and 130 Mbps UDP over ATM. If MD5 cannot
   support existing network bandwidth using existing technology, it
   will not scale as network speeds increase in the future. This RFC is
   intended to alert the IP community about the performance limitations
   of MD5, and to suggest that alternatives be considered for use in
   high speed IP implementations.

>> SSL is speed winner here.

>And it's also proprietary. And it requires technology which it would
>be illegal for Walnut Creek to sell even within the US without getting
>a license from PKP.

1) The SSLref SSL implementation (Netscape) uses RSAREF; you don't need
   a PKP license for it.
2) The SSLeay SSL implementation (from E.Y.) uses its own RSA routines;
   I don't know about the license here.
3) Outside the USA there exists RSAEURO, which is compatible with RSAREF
   and made in Europe.

I.e. after some shuffling, it will be legal to distribute different
SSL kits both in the USA and outside it.

--
Andrey A. Chernov        : And I rest so composedly, /Now, in my bed,
ache@astral.msk.su       : That any beholder /Might fancy me dead -
FidoNet: 2:5020/230.3    : Might start at beholding me, /Thinking me dead.
RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849