ietf-nntp Re: WG Review: Simple Authentication and Security Layer (sasl)
Ken Murchison
ken at oceana.com
Tue Dec 24 06:04:22 PST 2002
Charles Lindsey wrote:
>
> In <37717585.1040386848 at majormajor.rem.cmu.edu> Lawrence Greenfield <leg+ at andrew.cmu.edu> writes:
>
> >Defining a new SASL mechanism that does some sort of ADH will in fact
> >increase the per-connection cost, since it will be unable to utilize
> >session resumption. (Not to mention that TLS can be hardened against MITM
> >attacks by distributing the appropriate certificates.)
>
> Indeed so. It might take a second or so at the start of a session.
>
> >The only reason to fear TLS is if encryption of the data stream is viewed
> >as too costly.
>
> And that is the problem. Once a session is established, the systems may
> exchange data for hours at seriously high transfer rates. The encryption
> overhead would cripple it.
You didn't address Larry's idea of downgrading the cipher, probably to
"none" or "null". Would this be acceptable? I could probably do a
proof of concept in the Cyrus server.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
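The "null cipher" idea under discussion keeps TLS authentication and integrity (the MAC) but drops confidentiality, so an operator would want to verify which suite a feed session actually negotiated. The following is an added example, not code from this thread or from Cyrus: it constructs a minimal TLS 1.2 ServerHello and checks whether the selected suite is one of the IANA NULL-encryption suites. The sample records and the `build_server_hello` helper are constructed for illustration.

```python
import struct

# IANA cipher suite ids whose bulk cipher is NULL: integrity only, no confidentiality.
NULL_CIPHER_SUITES = {
    0x0001: "TLS_RSA_WITH_NULL_MD5",
    0x0002: "TLS_RSA_WITH_NULL_SHA",
    0x003B: "TLS_RSA_WITH_NULL_SHA256",
    0xC006: "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
    0xC010: "TLS_ECDHE_RSA_WITH_NULL_SHA",
}


def build_server_hello(cipher_suite, session_id=b"\x11" * 8):
    """Constructed sample: a minimal TLS 1.2 ServerHello record with no extensions."""
    body = struct.pack(">H", 0x0303)            # server_version
    body += b"\x00" * 32                         # random (zeroed for the sample)
    body += bytes([len(session_id)]) + session_id
    body += struct.pack(">H", cipher_suite)      # the suite the server selected
    body += b"\x00"                              # compression_method: null
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body   # HandshakeType server_hello
    return b"\x16" + struct.pack(">HH", 0x0303, len(handshake)) + handshake


def negotiated_cipher_suite(record):
    """Return the cipher suite id selected in a ServerHello record, or raise ValueError."""
    if len(record) < 9 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    if len(record) < 5 + rec_len or record[5] != 0x02:
        raise ValueError("not a complete ServerHello")
    hs = record[9:5 + rec_len]
    # version(2) + random(32) + session_id_len(1) + session_id + cipher_suite(2)
    sid_len = hs[34]
    off = 35 + sid_len
    if len(hs) < off + 2:
        raise ValueError("truncated ServerHello body")
    return struct.unpack(">H", hs[off:off + 2])[0]


def is_integrity_only(record):
    """True when the session negotiated a NULL-encryption suite (authenticated, unencrypted)."""
    return negotiated_cipher_suite(record) in NULL_CIPHER_SUITES


if __name__ == "__main__":
    for suite in (0x0002, 0x009C):
        rec = build_server_hello(suite)
        name = NULL_CIPHER_SUITES.get(suite, "encrypting suite")
        print(f"0x{suite:04X} {name}: integrity-only={is_integrity_only(rec)}")
```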