[OpenAFS] data encryption

Bill Sommerfeld sommerfeld@orchard.arlington.ma.us
Thu, 04 Jan 2001 14:20:54 -0500

> This would require at least as much processing power as just
> encrypting AFS itself ;) The other problem with "just use IPSec" is
> that application protocols don't benefit from the security
> infrastructure.  I.e. an application cannot query the IPSec SA to find
> out who sent a particular packet.

This is an implementation limitation of current ipsec implementations.
Do not assume this will always be the case.

it's worth noting that ipsec is much more amenable to hardware
accelleration than many other security protocols.

						- Bill