On Thu, Jul 04, 2002 at 11:14:36AM -0400, Thor Lancelot Simon wrote:

> Horsepuckey.  Go tell everyone who runs enormous compute clusters that
> there is "no harm" in "securing" the connections on their internal
> interconnect networks.  I hope your eardrums don't burst from the thunderous
> outburst of laughter.
> 
> Encryption isn't free.  It loads the CPU and, worse in some cases, increases
> latency.  Perhaps you don't happen to have or use a computer system where
> that would matter, but it's the height of arrogance to pretend that nobody
> else does.

Amen.

You don't even have to have clusters of machines to have problems
like this.  ssh is difficult on my LAN which has two NetBSD servers
(Sun SS5's).  Add to the CPU problem things like getting ssh-agent and
other password-free techniques to work, and it's a lot of hassle.

It was, however, very easy to tighten my firewall, and unless I develop
multiple personalities, no one is going to install hidden net access
anywhere on my LAN.

Most of my earlier confidence in ssh security and usability has been
shaken in the last year or so.

-- 
UNIX/Perl/C/Pizza__________________________________shannon@widomaker.com