[OpenAFS] data encryption
Derek Atkins
warlord@MIT.EDU
04 Jan 2001 11:22:01 -0500
Thomas Vincent <thomasv@apple.com> writes:
> My only concern with encrypting all the day would be CPU. What kind of
> performance hit would the server take?
> I believe the strategy that Microsoft is pushing with AD enabled apps is
> ipsec for data encryption, and keberos for authentication. Sounds good
> on paper.
This would require at least as much processing power as just
encrypting AFS itself ;) The other problem with "just use IPSec" is
that application protocols don't benefit from the security
infrastructure. I.e. an application cannot query the IPSec SA to find
out who sent a particular packet.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available