[OpenAFS] data encryption

Derek Atkins warlord@MIT.EDU
04 Jan 2001 11:22:01 -0500

Thomas Vincent <thomasv@apple.com> writes:

> My only concern with encrypting all the day would be CPU. What kind of
> performance hit would the server take?
> I believe the strategy that Microsoft is pushing with AD enabled apps is
> ipsec for data encryption, and keberos for authentication. Sounds good
> on paper.

This would require at least as much processing power as just
encrypting AFS itself ;) The other problem with "just use IPSec" is
that application protocols don't benefit from the security
infrastructure.  I.e. an application cannot query the IPSec SA to find
out who sent a particular packet.


       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available