[cgl_discussion] RE: [cgl_specs] Latest draft on security requirements

Peter Badovinatz tabmowzo at us.ibm.com
Mon Nov 18 21:33:51 PST 2002


Mika Kukkonen wrote:
> 
> Just commenting on one part (that I understand :-)
> 
> On pe, 2002-11-15 at 16:21, Makan Pourzandi (LMC) wrote:
> > Hi Florence,
> (...)
> > > -----Original Message-----
> > > From: Florence.Hussy at alcatel.fr [mailto:Florence.Hussy at alcatel.fr]
> (...)
> > > Page 6, Carrier grade context, minimum performance degradation:
> > > It may be very difficult for some of the features described
> > > in the document
> > > to achieve the target of 5% / 10%. It should be stated that security
> > > features having a significant impact on the performance of the system
> > > should be configurable
> > >

So long as we can stick with percentage degradation (rather than
absolute numbers) we should describe realistic expectations.  If we say
"we can do all of this for no overhead" then no one will take it
seriously.  We should push to minimize degradation, but if we can agree
on a set of overall targets, e.g., tied to the four levels Mika
describes, we should do so.  It complicates the requirements a bit, but
it makes them more realistic.

> >
> > Definitely, we have to discuss whether we want to put numbers or not.
> > In my experience, during my discussions with development people when
> > trying to sell them the security, this is a major issue. Whatever you
> > tell them, the final decision depends greatly on the answer to the
> > following question "what is the impact of all this on response
> > time/performance... ?" It seems that the performance degradation is
> > one of the major issues that distinguishes CGL from other kinds of
> > servers. Do we want to go further and give numbers or not?
> 
> Yes, I still think we should for non-technical reasons stick to the
> 4-tier approach already in the document, i.e.:
>   1) no security features
>   2) security features with little (<1%) or no performance impact
>   3) security features with moderate impact, i.e. 5-10% hit
>   4) maximum amount of security features without worrying about their
>      performance cost
> 
> This makes it possible for non-technical people to make decisions :-)
> 
> --MiKu
> --
> "Good ideas do not die, they just lie down and get recycled." -- me

Peter
--
Peter R. Badovinatz aka 'Wombat' -- IBM Linux Technology Center
preferred: tabmowzo at us.ibm.com / alternate: wombat at us.ibm.com
These are my opinions and absolutely not official opinions of IBM, Corp.


