ietf-nntp Re: WG Review: Simple Authentication and Security Layer (sasl)

Charles Lindsey chl at clw.cs.man.ac.uk
Mon Dec 23 08:26:24 PST 2002


In <37717585.1040386848 at majormajor.rem.cmu.edu> Lawrence Greenfield <leg+ at andrew.cmu.edu> writes:

>Defining a new SASL mechanism that does some sort of ADH will in fact 
>increase the per-connection cost, since it will be unable to utilize 
>session resumption. (Not to mention that TLS can be hardened against MITM 
>attacks by distributing the appropriate certificates.)

Indeed so. It might take a second or so at the start of a session.

>The only reason to fear TLS is if encryption of the data stream is viewed 
>as too costly. 

And that is the problem. Once a session is established, the systems may
exchange data for hours at seriously high transfer rates. The encryption
overhead would cripple it.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web: http://www.cs.man.ac.uk/~chl
Email: chl at clw.cs.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5


