On Thu, Oct 31, 2013 at 11:26 PM, Michael Still <mikal@stillhq.com> wrote:
[snip]
It's about the CPU cost of the crypto. I was once told the number of CPUs required to do SSL on web search (which I have now forgotten) and it was a bigger number than you'd expect -- certainly hundreds.
So, crypto costs money at scale basically.
SSL Cryptography for web search is a different problem than, say, Site-to-Site VPN encryption. Every time a new browser connects, you have a new SSL session setup. New SSL session setup requires public cryptography operations which impose a significant delay, and the public key operations have an enormous CPU cost. So much so that the key generation and signing operations involved in CPU session setup are a big bottleneck, and therefore, a potential DoS risk.

For encryption of traffic between datacenters, there should be very little session setup and teardown (very few public key operations); almost all the crypto load would be symmetric cryptography. No doubt, there still must be some cost in terms of crypto processors required to achieve encryption of all the traffic on 100-gigabit links between datacenters; it's always something, after all.
Cheers, Michael
-- -JH