Re: [hybi] Masked framing VS mask in frame

"Pat McManus @Mozilla" <mcmanus@ducksong.com> Wed, 02 March 2011 00:00 UTC


On Wed, 2011-03-02 at 10:29 +1100, Greg Wilkins wrote:
> On 2 March 2011 01:37, Pat McManus @Mozilla <mcmanus@ducksong.com> wrote:
> >
> > * The mask is incredibly cheap to implement. You can do XOR at the rate
> > of your memory bandwidth. The benefit to "optimizing it away" is at best
> > marginal even in high bandwidth scenarios.
> 
> That is a hand wave.

It is not. It is a statement that XOR runs at the rate of memory
bandwidth and that is plenty fast enough; the details of your
implementation notwithstanding.

I'm not swayed by an argument that in 2011 an Internet protocol security
feature should be able to be disabled, and thus the attack surface
increased, in order to save the cost of a simple XOR on the data stream.
It is a bad trade-off. I was more tempted by the savings when we were
potentially doing complicated hashes or even AES - but with XOR it just
isn't interesting to me. 

I have similar feelings on not masking the header.

Greg, I don't expect you to agree. But you said that such an argument
hadn't been made - and this is the core of mine.

-- 
http://www.getfirefox.com/
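
Added example, not part of the original message or of any hybi draft: the XOR masking discussed above written in C so that it costs one 64-bit XOR per 8 bytes of payload, with chunked (streaming) input handled. It assumes the 4-byte repeating mask key later standardized in RFC 6455; the names `ws_mask` and `ws_mask_selfcheck` and the sample key and data are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Mask or unmask len bytes in place (XOR is its own inverse).
 * Assumption: 4-byte key, payload byte i uses key[i % 4] (RFC 6455 layout).
 * offset = payload bytes already processed, so a frame can be handled in
 * chunks as it arrives. Returns the offset for the next chunk. */
size_t ws_mask(uint8_t *buf, size_t len, const uint8_t key[4], size_t offset)
{
    uint8_t rot[8];
    uint64_t wide, w;
    size_t i = 0;

    /* Rotate the key so rot[0] lines up with buf[0]; repeat it to 8 bytes. */
    for (size_t k = 0; k < 8; k++)
        rot[k] = key[(offset + k) % 4];
    memcpy(&wide, rot, sizeof wide);

    /* Bulk path: one 64-bit XOR per 8 bytes. memcpy keeps unaligned
     * buffers well-defined and compiles to plain loads and stores. */
    for (; i + 8 <= len; i += 8) {
        memcpy(&w, buf + i, sizeof w);
        w ^= wide;
        memcpy(buf + i, &w, sizeof w);
    }
    for (; i < len; i++)            /* tail of fewer than 8 bytes */
        buf[i] ^= rot[i % 8];
    return offset + len;
}

/* Self-check on constructed data: chunked word-wide masking must equal the
 * byte-at-a-time definition, and masking twice must restore the input. */
int ws_mask_selfcheck(void)
{
    const uint8_t key[4] = { 0x37, 0xfa, 0x21, 0x3d };  /* constructed key */
    uint8_t plain[29], fast[29], ref[29];
    size_t off;

    for (size_t i = 0; i < sizeof plain; i++) {
        plain[i] = (uint8_t)(i * 7 + 1);
        ref[i] = (uint8_t)(plain[i] ^ key[i % 4]);
    }
    memcpy(fast, plain, sizeof plain);
    off = ws_mask(fast, 11, key, 0);           /* chunk 1: odd length */
    off = ws_mask(fast + 11, 18, key, off);    /* chunk 2: misaligned start */
    if (off != 29 || memcmp(fast, ref, sizeof ref) != 0)
        return 0;
    ws_mask(fast, sizeof fast, key, 0);        /* unmask in one pass */
    return memcmp(fast, plain, sizeof plain) == 0;
}
```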