[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] RE: Slides from "Web Services Security Issues"
> Does encryption and digital signing increase the need for bandwidth or > the need for CPU power and battery life? Well, let's see. For an RSA signature (most common; we'll ignore Kerberos or other shared-secret HMAC stuff), the binary signature will be the same as the key size; call it 1K bits. Then you have to make it base64 and wrap a few tags and identifying information around it, so call it 250 bytes. If you add the cert call it 2K bytes; if you add just a ref to the cert that the recipient can decode, call it 350 bytes. For XML Encryption, the session key will be RSA encrypted, which is same as the signature. Then the data itself will end up as binary, which then needs to be base64, so assume the data grows by 4/3 in addition to the key exchange. So that's the data size. For processing, decryption isn't bad. You need to decrypt the key, then decrypt the bulk data. Most bulk encryptions are pretty efficient these days; the AES in particular had that as a design goal. Verifying an XML signature is harder. You typically have to canonicalize the input and run it through SHA1 digest. Doing c14n is fairly expensive; you have to pretty much walk your parse tree (or stream and output) a second time. As for battery life? Well, a typical laptop can probably handle XML signature and encryption okay, but only because the load is human-driven. But for a server? You want what we sell. :) We're the fastest XML security devices around. I mention that not just because I'm watching _American Chopper_ on TV right now, but because speed is a security *enabler.* If things are too slow, you can't afford to do things like schema validation and crypto, and you really want to do them... /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|