[NNTP] Re: Comments on draft-ietf-nntp-tls-nntp-05.txt

EKR ekr at networkresonance.com
Tue May 24 11:34:50 PDT 2005


Ken Murchison <ken at oceana.com> wrote:

> EKR wrote:
> 
> > I just reviewed draft-ietf-nntp-tls-nntp-05.txt. I see that it's
> > in Last Call Requested, so consider these some early LC
> > comments:
> 
> Thanks for the feedback.  I can't really disagree with any of your
> points, but FWIW, we used RFC 3207 and RFC 3501 as templates for this
> document and most of the text you quote was taken directly from
> them.

Yeah, I suspect some revisions are in order.

> > So, in practice you can saturate a GigE line with SSL/TLS traffic without
> > too much effort. If we assume that you use the fastest algorithm: RC4/MD5,
> > you see a 4x performance improvement removing RC4. However, if you
> > are using SHA-1 (as is current recommended practice) you only get a
> > factor of 2, which isn't that impressive. I would generally avoid
> > encouraging WGs to advise people to turn off encryption for performance
> > reasons.
> 
> Coming from the email world, I tried to argue this same point, but was
> told that given the sheer volume of NNTP traffic, using TLS for an
> entire session is unrealistic in the real world.  Feel free to search
> the list archives or renew this discussion.

Yes, I recall repeated vigorous assertions to this effect,
combined with fairly small amounts of data.

Note: I'm not saying that the IETF should require confidentiality,
merely that it doesn't make sense for specs to go out of their
way to encourage people to turn it off without first estimating
the costs involved.

-Ekr
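The "estimate the costs" point above can be checked rather than argued. The following is an added example, not code from the thread or from the draft: a small Go microbenchmark that times the record-layer work (HMAC, then bulk cipher) for the two suites EKR names, with the cipher present and absent, and reports the speedup from dropping encryption. It assumes an all-zero key and a constructed 1 MiB payload; it ignores framing, handshake and socket I/O, so the ratios are rough upper bounds on what turning encryption off could buy.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/md5"
	"crypto/rc4"
	"crypto/sha1"
	"fmt"
	"hash"
	"time"
)

// mbps returns MB/s for HMAC-ing buf `rounds` times plus an optional in-place
// bulk-cipher pass (enc == nil models a suite with encryption turned off).
func mbps(newHash func() hash.Hash, enc func(dst, src []byte), buf []byte, rounds int) float64 {
	mac := hmac.New(newHash, make([]byte, 16)) // zero key: only the cost matters here
	start := time.Now()
	for i := 0; i < rounds; i++ {
		mac.Reset()
		mac.Write(buf)
		mac.Sum(nil)
		if enc != nil {
			enc(buf, buf) // whole-buffer overlap is permitted by both cipher APIs
		}
	}
	return float64(len(buf)*rounds) / 1e6 / time.Since(start).Seconds()
}

// Run measures MAC-only against cipher+MAC and returns the speedup from dropping each cipher.
func Run(rounds int) map[string]float64 {
	buf := make([]byte, 1<<20) // constructed 1 MiB payload; contents do not affect cost
	rc4c, _ := rc4.NewCipher(make([]byte, 16))
	block, _ := aes.NewCipher(make([]byte, 16))
	cbc := cipher.NewCBCEncrypter(block, make([]byte, aes.BlockSize))
	r := map[string]float64{
		"HMAC-MD5 only":           mbps(md5.New, nil, buf, rounds),
		"RC4 + HMAC-MD5":          mbps(md5.New, rc4c.XORKeyStream, buf, rounds),
		"HMAC-SHA1 only":          mbps(sha1.New, nil, buf, rounds),
		"AES-128-CBC + HMAC-SHA1": mbps(sha1.New, cbc.CryptBlocks, buf, rounds),
	}
	r["speedup dropping RC4"] = r["HMAC-MD5 only"] / r["RC4 + HMAC-MD5"]
	r["speedup dropping AES"] = r["HMAC-SHA1 only"] / r["AES-128-CBC + HMAC-SHA1"]
	return r
}

func main() { fmt.Println(Run(16)) }
```

Run it on the hardware in question and compare the two speedup entries with the link rate actually needed; a factor of 2 on a box that already saturates the NIC is not a reason to drop confidentiality.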