[NNTP] Re: Comments on draft-ietf-nntp-tls-nntp-05.txt

EKR ekr at rtfm.com
Thu May 26 14:27:48 PDT 2005


"Forrest J. Cavalier III" <forrest at mibsoftware.com> writes:

> EKR wrote:
>
>> Yes, I'm familiar with all this, but what's relevant here is not
>> the absolute cost but the relative cost compared to other things that
>> are taking up CPU (Amdahl's law again). That's why you need
>> actual measurements.
>
> Are you saying that to be sure the bridge falls down, you must
> build the bridge first?

No. I'm saying that you need to have some engineering model 
for what you're doing, and that involves having measurements
of the relative costs of various activities.


> I am not a SASL expert, but think of the issue in general...
>
> It is my understanding that using symmetric ciphers on known and
> public plaintext (e.g. Usenet messages) allows easy recovery of
> the encryption keys.

Your understanding is incorrect. 


> There is no way that asymmetric ciphers are fast enough even on
> CLIENTS, let alone servers, to use them for a general purpose
> Usenet session.

The way that modern comsec systems such as SSL/TLS work is that they
use an asymmetric algorithm for key exchange and then a symmetric
cipher for content encryption. As I indicated previously, there has
been quite a bit of performance work on this topic. See, for instance:
                                   
C. Coarfa, P. Druschel, and D. Wallach. Performance Analysis of TLS
Web Servers. In Proceedings of NDSS '02,
2002. http://citeseer.ist.psu.edu/coarfa02performance.html

-Ekr


