They say you can never be too rich or too thin. But can a chip have too much performance? That's the hot debate in the security-processor world.
Startups Cavium, ChipSign and Layer N have announced chips that deliver 10,000 to 100,000 Secure Sockets Layer handshakes per second. To put that in perspective, the fastest chip available for most of last year, Broadcom's 5820, handles only 800. Market leaders Broadcom and Hifn (and most other security-processor vendors) scoff at the newcomers for offering far more performance than anyone can use.
One or more SSL handshakes are generated any time your Web browser goes into secure mode and the little lock symbol appears. Security processors are used in Web servers and front-end equipment to process the complex SSL computations much faster than a general-purpose CPU can.
Hifn points out that a typical SSL session transfers at least three Web pages of perhaps 28 kbytes each. Thus, a Gigabit Ethernet channel dedicated to SSL would max out at fewer than 1,500 sessions/s.
Layer N counters that a security processor must handle peak loads. For a short period, a chip could receive mostly session setups, not requests from existing sessions. In this period, a Gigabit Ethernet channel could request 100,000 SSL handshakes/s.
Even if the security chip can handle so many SSL operations, the bottleneck shifts to TCP processing, where several Pentium 4 processors would be needed just to handle 10,000 connections/s. This is a critical problem for Cavium and ChipSign, but Layer N's chip includes a TCP offload engine to break this bottleneck.
Hifn's ultimate argument is that no workload comes close to generating 100,000 SSL handshakes/s. This would be equivalent to all of Amazon's Christmas 2001 customers making their purchases during the same five minutes. Most Web site operators are looking for no more than 2,000 handshakes/s.
Layer N admits this is the case today. But with new technology cutting the cost of securing an SSL transaction by orders of magnitude, Web site operators may move to securing entire sites, greatly increasing the demand for SSL handshakes.
All parties in this debate are guilty of selling what they have and bashing what they don't. But these aggressive startups must wait for a paradigm shift to build demand for their muscular technology.
Linley Gwennap is Founder and Principal Analyst of the Linley Group (www.linleygroup.com/npu).