From: Paul Crowley
Subject: Re: [Monotone-devel] Question on layering
Date: Thu, 22 Feb 2007 16:47:40 +0000
User-agent: IceDove 1.5.0.9 (X11/20061220)

Ethan Blanton wrote:
> Paul Crowley spake unto us the following wisdom:
> > What proportion of the network traffic is MAC packets? That will go down when we switch to SSL.
>
> There are no MAC "packets"; there is a MAC appended to every higher-layer netsync object. For small objects, that would be nontrivial overhead.

That's what I meant. So a significant proportion of the stream is MAC; SSL would reduce our bandwidth demands noticeably. That sounds good.

> However, as was discussed when the HMAC went in, SSL stream authentication sort of solves a different problem from an HMAC on each netsync entity. It's not clear that one should go away in favor of the other, at least to me.

It looks to me like they solve exactly the same problem - what do you see as the difference? The HMAC packets in Monotone are (slightly imperfectly) calculated to ensure not just that each individual packet is authentic, but that the stream of packets is authentic (ie came in that order with no gaps). SSL would authenticate the stream of bytes directly before it was broken up into packets, but the effect is exactly the same, isn't it?

-- 
  __
\/ o\ Paul Crowley, address@hidden
/\__/ http://www.ciphergoth.org/
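
Added illustration, not part of the original message and not Monotone's code: a minimal chained per-packet HMAC in which each tag covers the previous tag plus the packet body, so the receiver detects reordering and gaps as well as tampering, and the per-packet cost on small objects is visible. The key, the all-zero initial chain value, HMAC-SHA1 with a 20-byte tag and the sample packets are assumptions constructed for this sketch.

```python
import hashlib
import hmac

TAG_LEN = 20                     # HMAC-SHA1 tag size (hash choice is an assumption)
INITIAL_CHAIN = b"\x00" * TAG_LEN  # fixed starting chain value (assumption)
KEY = b"constructed-session-key"   # constructed sample key
SAMPLE = [b"hello", b"refine", b"data:0123456789"]  # constructed sample packets


def _tag(key, chain, body):
    # chain has fixed length, so chain || body is an unambiguous encoding
    return hmac.new(key, chain + body, hashlib.sha1).digest()


def seal(key, packets):
    """Sender: append to each body a MAC over (previous MAC || body)."""
    chain, wire = INITIAL_CHAIN, []
    for body in packets:
        chain = _tag(key, chain, body)
        wire.append(body + chain)
    return wire


def open_stream(key, wire):
    """Receiver: verify packets in arrival order against the running chain.

    Returns (accepted_bodies, index_of_first_bad_packet_or_None).
    """
    chain, accepted = INITIAL_CHAIN, []
    for i, pkt in enumerate(wire):
        if len(pkt) < TAG_LEN:
            return accepted, i
        body, tag = pkt[:-TAG_LEN], pkt[-TAG_LEN:]
        expected = _tag(key, chain, body)
        if not hmac.compare_digest(tag, expected):
            return accepted, i   # tampered, reordered, or a gap before this packet
        accepted.append(body)
        chain = expected
    return accepted, None


def mac_overhead(packets):
    """Fraction of bytes on the wire that are MAC rather than payload."""
    mac_bytes = TAG_LEN * len(packets)
    return mac_bytes / (mac_bytes + sum(len(p) for p in packets))
```

In this sketch the chain alone does not detect packets dropped from the end of the stream; the receiver needs an authenticated end-of-stream marker or expected count for that.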