[cgl_discussion] RE: [cgl_specs] Latest draft on security requirements

Mika Kukkonen mika at osdl.org
Mon Nov 18 15:15:04 PST 2002

Just commenting one part (that I understand :-)

On pe, 2002-11-15 at 16:21, Makan Pourzandi (LMC) wrote:
> Hi Florence, 
> > -----Original Message-----
> > From: Florence.Hussy at alcatel.fr [mailto:Florence.Hussy at alcatel.fr]
> > Page 6, Carrier grade context, minimum performance degradation:
> > It may be very difficult for some of the features described 
> > in the document
> > to achieve the target of 5% / 10%. It should be stated that security
> > features having a significant impact on the performance of the system
> > should be configurable
> > 
> Definitely, we have to discuss whether we want to put numbers or not.
> In my experience, during my discussions with development people when
> trying to sell them the security, this is a major issue. Whatever you
> tell them, the final decision depends greatly on the answer to the 
> following question "what is the impact of all this on response 
> time/performance... ?" It seems that the performance degradation is 
> one of the major issues that distinguishes CGL from other kinds of 
> servers. Do we want to go further and give numbers or not? 

Yes, I still think we should for non-technical reasons stick to the
4-tier approach already in the document, i.e.:
  1) no security features
  2) security features with little (<1%) or no performance impact
  3) security features with moderate impact, i.e. 5-10% hit
  4) maximum amount of security features without worrying about their 
     performance cost

This makes it possible for non-technical people to make decisions :-)

"Good ideas do not die, they just lie down and get recycled." -- me

More information about the cgl_discussion mailing list