Ethan Blanton wrote:
> Paul Crowley spake unto us the following wisdom:
> > What proportion of the network traffic is MAC packets? That will go
> > down when we switch to SSL.
>
> There are no MAC "packets"; there is a MAC appended to every
> higher-layer netsync object. For small objects, that would be
> nontrivial overhead.

That's what I meant. So a significant proportion of the stream is MAC;
SSL would reduce our bandwidth demands noticeably. That sounds good.

> However, as was discussed when the HMAC went in, SSL stream
> authentication sort of solves a different problem from an HMAC on each
> netsync entity. It's not clear that one should go away in favor of
> the other, at least to me.

It looks to me like they solve exactly the same problem - what do you
see as the difference? The HMAC packets in Monotone are (slightly
imperfectly) calculated to ensure not just that each individual packet
is authentic, but that the stream of packets is authentic (ie came in
that order with no gaps). SSL would authenticate the stream of bytes
directly before it was broken up into packets, but the effect is exactly
the same, isn't it?
--
__
\/ o\ Paul Crowley, [EMAIL PROTECTED]
/\__/ http://www.ciphergoth.org/
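
Added example, not part of the original message and not Monotone's netsync code: a generic chained per-packet HMAC in which each tag covers the previous tag plus the payload, so a reordered or missing packet fails verification, together with the share of the stream spent on tags. The function names, the zero initial chain value and the choice of HMAC-SHA-256 are assumptions of this sketch.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA-256 output size; the hash choice is an assumption


def _tag(key, prev_tag, payload):
    # Chaining: the MAC input includes the previous packet's tag.
    return hmac.new(key, prev_tag + payload, hashlib.sha256).digest()


def seal_stream(key, payloads):
    """Sender side: return packets of the form payload || tag."""
    prev, packets = b"\x00" * TAG_LEN, []
    for payload in payloads:
        prev = _tag(key, prev, payload)
        packets.append(payload + prev)
    return packets


def first_bad_packet(key, packets):
    """Receiver side: index of the first packet that fails, or None."""
    prev = b"\x00" * TAG_LEN
    for i, pkt in enumerate(packets):
        if len(pkt) < TAG_LEN:
            return i
        payload, tag = pkt[:-TAG_LEN], pkt[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(key, prev, payload)):
            return i
        prev = tag
    # Note: a stream cut short at the end still verifies; chaining alone
    # does not detect tail truncation.
    return None


def mac_overhead(payloads):
    """Fraction of bytes on the wire that are tags rather than payload."""
    tags = TAG_LEN * len(payloads)
    return tags / (tags + sum(len(p) for p in payloads))


if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample key
    objs = [b"obj-a", b"obj-b", b"obj-c"]    # constructed small objects
    pkts = seal_stream(key, objs)
    print("intact:", first_bad_packet(key, pkts))
    print("reordered:", first_bad_packet(key, [pkts[0], pkts[2], pkts[1]]))
    print("gap:", first_bad_packet(key, [pkts[0], pkts[2]]))
    print("tag share of stream: %.2f" % mac_overhead(objs))
```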