[NNTP] Re: Comments on draft-ietf-nntp-tls-nntp-05.txt
EKR
ekr at rtfm.com
Fri May 27 09:42:56 PDT 2005
"Jeffrey M. Vinocur" <jeff at litech.org> writes:
> On May 27, 2005, at 6:49 AM, Brian E Carpenter wrote:
>
>> Sure, encryption and decryption on fat pipes is expensive.
>> That's a well understood problem where I work. But is
>> there anything specific to NNTP in this observation? Why would
>> NNTP deserve a get out of jail card, and not other
>> applications protocols?
>
> Most web traffic goes unencrypted...why not require that HTTPS be used
> universally?
>
> In that case, just like NNTP, there's a tremendous amount of data
> that is already public knowledge and encrypting it would provide
> minimal gain. Sure, NNTP sometimes requires passwords to initiate a
> session --
> but given the expense you describe above, commercial providers are
> wary of applying encryption to an entire multi-gigabyte datastream to
> protect the first few dozen bytes.
Understood, but it's not just a matter of not applying encryption,
because you have to actually renegotiate. The question is whether it's
worth adding protocol and implementation complexity in order to avoid
incurring that cost.
-Ekr
More information about the ietf-nntp
mailing list