I really wouldn't worry about the computational overhead. What's
significant is the initial negotiation because that is using asymmetric
encryption, which is a dog. That happens once.
Once the tunnel is set up, you are talking symmetric encryption,
probably AES. AES is implemented in many general chips these days, but
even if you don't have it there, with a gigahertz processor, you'd
probably be hard put to it to measure the difference as the algorithm is
whaay more efficient than 3DES.
On 3/2/20 1:35 PM, Robert Armstrong wrote:
Are we actually talking about encrypting all the DECnet traffic, or just
authentication? I'm a little worried about the amount of computational
overhead involved in encrypting all the DECnet traffic, although I suppose
that given the trivial volume of HECnet traffic it's not a major concern.
Bob
-----Original Message-----
From: Hecnet-list [mailto:hecnet-list-bounces+bob=jfcl.com at lists.sonic.net] On Behalf Of Paul Koning
Sent: Monday, March 2, 2020 10:27 AM
To: hecnet at update.uu.se
Subject: Re: [HECnet] Intermittent Connection with PyDECnet?
On Mar 2, 2020, at 1:05 PM, Mark J. Blair <nf6x at nf6x.net> wrote:
> On Mar 2, 2020, at 9:45 AM, Paul Koning <paulkoning at comcast.net> wrote:
>
> It's not there currently. SSL would be easy to do in PyDECnet given the
> SSL library that exists in Python. SSH tunnel not quite so much. Would SSL
> be sufficient?
I would think that SSL would be fine for the link security. Would that
also provide a mechanism for the caller to authenticate themself to the
upstream link?
The Python SSL library has a pile of support for certificates (in both
directions, as far as I can tell, so mutual authentication is possible).
Also ways to query the certificates used. This is stuff I haven't used
before so it will take some study to understand it.
paul
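
The mutual authentication and certificate querying mentioned above, shown with Python's standard `ssl` module as an added example (not PyDECnet code and not part of the original thread). The file-path parameters, the node names, and the convention of using the certificate's commonName as the node identity are assumptions.

```python
import ssl

# Constructed sample of what SSLSocket.getpeercert() returns after a
# verified handshake; the node name is hypothetical.
SAMPLE_PEERCERT = {
    "subject": ((("organizationName", "Example HECnet node"),),
                (("commonName", "node-a.example"),)),
    "notAfter": "Mar  2 00:00:00 2030 GMT",
}

def server_context(certfile=None, keyfile=None, client_ca=None):
    """Listener side: present our certificate and demand one from the caller."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # A server context defaults to CERT_NONE; without this line the caller
    # is never asked for a certificate and the link is one-way authenticated.
    ctx.verify_mode = ssl.CERT_REQUIRED
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    if client_ca:  # CA that issued the callers' certificates (assumed private CA)
        ctx.load_verify_locations(cafile=client_ca)
    return ctx

def client_context(certfile=None, keyfile=None, server_ca=None):
    """Caller side: verify the listener and offer our own certificate."""
    # PROTOCOL_TLS_CLIENT already sets CERT_REQUIRED and check_hostname=True.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    if server_ca:
        ctx.load_verify_locations(cafile=server_ca)
    return ctx

def peer_common_name(peercert):
    """Pull commonName out of the nested tuples in getpeercert()['subject']."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def authorize_peer(peercert, allowed_nodes):
    """True only for a validated certificate whose CN is an expected node."""
    if not peercert:  # None: no certificate sent; {}: sent but not validated
        return False
    return peer_common_name(peercert) in allowed_nodes
```

After `ctx.wrap_socket(conn, server_side=True)` completes its handshake, the listener would call `authorize_peer(tls_conn.getpeercert(), allowed_nodes)` before accepting any DECnet traffic on the link.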