nanog mailing list archives
Re: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic
From: Jimmy Hess <mysidia () gmail com>
Date: Fri, 1 Nov 2013 03:13:11 -0500
On Thu, Oct 31, 2013 at 11:26 PM, Michael Still <mikal () stillhq com> wrote:
[snip]
> It's about the CPU cost of the crypto. I was once told the number of CPUs required to do SSL on web search (which I have now forgotten) and it was a bigger number than you'd expect -- certainly hundreds.
> So, crypto costs money at scale basically.

SSL cryptography for web search is a different problem than, say, Site-to-Site VPN encryption. Every time a new browser connects, you have a new SSL session setup. New SSL session setup requires public cryptography operations which impose a significant delay, and the public key operations have an enormous CPU cost. So much so that the key generation and signing operations involved in CPU session setup are a big bottleneck and, therefore, a potential DoS risk.

For encryption of traffic between datacenters, there should be very little session setup and teardown (very few public key operations); almost all the crypto load would be symmetric cryptography. No doubt, there still must be some cost in terms of crypto processors required to achieve encryption of all the traffic on 100-gigabit links between datacenters; it's always something, after all.

> Cheers, Michael
-- -JH
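Added example, not part of the original message: a measurement of the contrast drawn above, timing one private-key-sized modular exponentiation against symmetric throughput and applying both to a short web session and a long-lived inter-datacenter tunnel. The 20 KiB and 10 GiB session sizes, the random stand-in modulus, and the use of HMAC-SHA256 as the symmetric workload (the standard library has no AES) are assumptions.

```python
import hashlib
import hmac
import secrets
import time

def time_private_key_op(bits=2048, rounds=5):
    """Seconds per modular exponentiation of RSA private-key size (no CRT)."""
    # Constructed values: a random odd modulus and exponent of the right
    # size, not a real key. The cost of pow() depends on the sizes only.
    n = secrets.randbits(bits) | (1 << (bits - 1)) | 1
    d = secrets.randbits(bits) | (1 << (bits - 1))
    m = secrets.randbits(bits - 1)
    start = time.perf_counter()
    for _ in range(rounds):
        pow(m, d, n)
    return (time.perf_counter() - start) / rounds

def time_symmetric_bytes(sample_mib=8):
    """Bytes per second of HMAC-SHA256 (stand-in for symmetric record work)."""
    key = secrets.token_bytes(32)
    buf = bytes(sample_mib * 1024 * 1024)
    start = time.perf_counter()
    hmac.new(key, buf, hashlib.sha256).digest()
    return len(buf) / (time.perf_counter() - start)

def public_key_share(handshake_s, sym_bytes_per_s, session_bytes):
    """Fraction of a session's crypto CPU time spent in the handshake."""
    bulk_s = session_bytes / sym_bytes_per_s
    return handshake_s / (handshake_s + bulk_s)

def compare(web_bytes=20 * 1024, tunnel_bytes=10 * 1024**3):
    """Measure both costs once and apply them to the two workloads."""
    hs = time_private_key_op()
    rate = time_symmetric_bytes()
    return {
        "handshake_ms": hs * 1000,
        "symmetric_MiB_per_s": rate / 2**20,
        "web_search_share": public_key_share(hs, rate, web_bytes),
        "dc_tunnel_share": public_key_share(hs, rate, tunnel_bytes),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:>22}: {value:.4f}")
```

The absolute numbers depend on the machine and on Python's big-integer code rather than an optimized TLS library; the point is the ratio between the two shares.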