Could you please clarify on what you mean by bandwidth? Are you talking about if a device has a 100 Mb connection or 10 Mb connection, or something else? Also, processor speed and device capability is often a limiting factor so I’m not sure how relevant bandwidth is, but I might just not be following your train of thought.
IPsec was something that was looked at it detail, and tried in some installations. It certainly has a place but we’ve found it’s not as generally applicable as TLS. Reasons have to do with the complexity of configuration as well as difficulty setting up the network. Another way to put this is that the market was not receptive to IPsec as a general solution. In general we have a lot of respect for what was done with TLS and it’s wide adoption. We’ve adopted it in a number of protocols under TLS 1.2 and would like to do the same with TLS 1.3. Thanks and Best Regards, --Jack From: Ted Lemon [mailto:mel...@fugue.com] Sent: Tuesday, August 21, 2018 1:56 PM To: Jack Visoky <jmvis...@ra.rockwell.com> Cc: Salz, Rich <rsalz=40akamai....@dmarc.ietf.org>; Fries, Steffen <steffen.fr...@siemens.com>; ncamwing=40cisco....@dmarc.ietf.org; tls@ietf.org Subject: Re: [TLS] EXTERNAL: Re: integrity only ciphersuites What kind of bandwidth are we talking about here? Also, could you answer my question about IPsec? On Tue, Aug 21, 2018 at 1:53 PM, Jack Visoky <jmvis...@ra.rockwell.com<mailto:jmvis...@ra.rockwell.com>> wrote: Hi Ted, A few points: 1. Don’t assume there is any browser involved. There is often no browser. 2. Even if there is a browser (and see point 1 before assuming) any HTTP communication would be at a much much slower rate than machine to machine I/O Hope that clears it up. Thanks and Best Regards, --Jack From: Ted Lemon [mailto:mel...@fugue.com<mailto:mel...@fugue.com>] Sent: Tuesday, August 21, 2018 1:39 PM To: Jack Visoky <jmvis...@ra.rockwell.com<mailto:jmvis...@ra.rockwell.com>> Cc: Salz, Rich <rsalz=40akamai....@dmarc.ietf.org<mailto:40akamai....@dmarc.ietf.org>>; Fries, Steffen <steffen.fr...@siemens.com<mailto:steffen.fr...@siemens.com>>; ncamwing=40cisco....@dmarc.ietf.org<mailto:40cisco....@dmarc.ietf.org>; tls@ietf.org<mailto:tls@ietf.org> Subject: Re: [TLS] EXTERNAL: Re: integrity only ciphersuites If the device implements the cipher so as to talk to the browser, it's clearly capable of implementing the cipher... On Tue, Aug 21, 2018 at 1:34 PM, Jack Visoky <jmvis...@ra.rockwell.com<mailto:jmvis...@ra.rockwell.com>> wrote: Hi Rich, I’m not sure if I’m following the question, but what was meant was that these ciphers are generally NOT used for browser access. Machine to machine communication usually does not involve a browser. Apologies if I’ve misunderstood the question. Thanks and Best Regards, --Jack From: TLS [mailto:tls-boun...@ietf.org<mailto:tls-boun...@ietf.org>] On Behalf Of Salz, Rich Sent: Tuesday, August 21, 2018 1:12 PM To: Fries, Steffen <steffen.fr...@siemens.com<mailto:steffen.fr...@siemens.com>> Cc: ncamwing=40cisco....@dmarc.ietf.org<mailto:40cisco....@dmarc.ietf.org>; tls@ietf.org<mailto:tls@ietf.org> Subject: EXTERNAL: Re: [TLS] integrity only ciphersuites [Use caution with links & attachments] Now I think I am as confused as Stephen and others. One justification was “small footprint.” But now you’re saying that for debugging encryption (standard?) ciphers are used for browser access? _______________________________________________ TLS mailing list TLS@ietf.org<mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
