
why NICs couldn't support the crypto in a way that it can just send the packet straight to the wire after encryption.

That's how the Chelsio T6 works. On the transmit path the NIC needs to perform encryption, TLS framing, and TCP/IP/Ethernet segmentation in that order; on receive it needs to perform TCP reordering and such before decrypting. Most NICs just don't want to add that much functionality.




Thanks, that looks pretty good. I wonder if it will work with TLS 1.3 as well (from my limited understanding it looks like it might).

Here's dreaming of a future where Ed25519/ChaCha20/Poly1305 is supported in hardware (it's much cheaper for clients that don't have AES so I want servers to use it).



