[NNTP] Re: Comments on draft-ietf-nntp-tls-nntp-05.txt

EKR ekr at networkresonance.com
Tue May 24 12:01:24 PDT 2005


Russ Allbery <rra at stanford.edu> wrote:

> EKR <ekr at networkresonance.com> writes:
> > Ken Murchison <ken at oceana.com> wrote:
> 
> >> Coming from the email world, I tried to argue this same point, but was
> >> told that given the sheer volume of NNTP traffic, using TLS for an
> >> entire session is unrealistic in the real world.  Feel free to search
> >> the list archives or renew this discussion.
> 
> > Yes, I recall repeated vigorous assertions to this effect, combined with
> > fairly small amounts of data.
> 
> I believe Andrew Gierth had concrete data in this area.

I'd be interested in seeing it.


> Note that one of the reasons why encryption gets odd reactions from the
> NNTP community is that, unlike e-mail, all of the data except for the
> authentication is public in some of our most common use cases.  This is
> not, itself, a reason to not do encryption (the performance impact is
> really the thing to worry about), but it feels intuitively weird to bother
> encrypting the contents of public Usenet hierarchies.

Sure, but now we're into the "is this a worthwhile optimization"
phase.

There's a substantial complexity cost to having SSL/TLS implementations
rehandshake. If you just wanted to do NULL all the time, I'd have
no real argument with that. It's the desire to negotiate RC4 (or
whatever) and then back down to NULL that I think needs to be
supported with measurements.

-Ekr
