[HECnet] Intermittent Connection with PyDECnet?
Thomas DeBellis
tommytimesharing at gmail.com
Mon Mar 2 10:41:18 PST 2020
I really wouldn't worry about the computational overhead. What's
significant is the initial negotiation because that is using asymmetric
encryption, which is a dog. That happens once.
Once the tunnel is set up, you are talking symmetric encryption,
probably AES. AES is implemented in many general chips these days, but
even if you don't have it there, with a gigahertz processor, you'd
probably be hard put to it to measure the difference as the algorithm is
whaay more efficient that 3DES.
On 3/2/20 1:35 PM, Robert Armstrong wrote:
> Are we actually talking about encrypting all the DECnet traffic, or just
> authentication? I'm a little worried about the amount of computational
> overhead involved in encrypting all the DECnet traffic, although I suppose
> that given the trivial volume of HECnet traffic it's not a major concern.
>
> Bob
>
> -----Original Message-----
> From: Hecnet-list [mailto:hecnet-list-bounces+bob=jfcl.com at lists.sonic.net]
> On Behalf Of Paul Koning
> Sent: Monday, March 2, 2020 10:27 AM
> To: hecnet at update.uu.se
> Subject: Re: [HECnet] Intermittent Connection with PyDECnet?
>
>
>
>> On Mar 2, 2020, at 1:05 PM, Mark J. Blair <nf6x at nf6x.net> wrote:
>>
>>
>>
>>> On Mar 2, 2020, at 9:45 AM, Paul Koning <paulkoning at comcast.net> wrote:
>>>
>>> It's not there currently. SSL would be easy to do in PyDECnet given the
> SSL library that exists in Python. SSH tunnel not quite so much. Would SSL
> be sufficient?
>> I would think that SSL would be fine for the link security. Would that
> also provide a mechanism for the caller to authenticate themself to the
> upstream link?
>
> The Python SSL library has a pile of support for certificates (in both
> directions, as far as I can tell, so mutual authentication is possible).
> Also ways to query the certificates used. This is stuff I haven't used
> before so it will take some study to understand it.
>
> paul
>
>
> _______________________________________________
> Hecnet-list mailing list
> Hecnet-list at lists.sonic.net
> https://lists.sonic.net/mailman/listinfo/hecnet-list
>
More information about the Hecnet-list
mailing list