"I sure would appreciate if someone could tell me if this is a bad idea and 
why, the more I know now at this time the better."

Encryption adds latency to your traffic, double encryption just adds another 
delay.  While this extra layer of security may be necessary for servers that 
have processing power to handle the load, one should weigh the pros and cons of 
client-to-server.  It is asking a lot for a laptop to do this and not have 
users notice the delay, even in today's dual-core machines.  Also important is 
that both ends of the SSH/SSL tunnel be under the same control, which is 
usually typical for IPSec site-to-site VPNs.  I do not notice the delay on my 
64-bit dual core desktop, when connecting to remote servers using 
double-encryption.  The quality of the connection is key; in my case I have a 
controlled environment going through the same provider (Sprint) between Los 
Angeles and London (i.e. I use IPSec tunnel mode for the site-to-site, then 
IPSec transport for server-to-server).  While IPSec is different in 
implementation than your SSL/SSH they essentially perform the same function of 
providing a secure tunnel through which to transmit/receive critical/private 
information.  Do you also have control over both ends of your connection?

I have always found that profit and productivity come before security.  If this 
setup is for secure monitoring or securing data between servers (for example) 
this may provide some additional peace of mind for your customer.  If this is 
for the CEO or VP of Sales/Marketing to securely connect to your LAN, this 
solution will have a short existence.

Good luck!

Edward Ray
(SecAdmin)


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]