> From: Dave Huang <khym@azeotrope.org>
> Date: Mon, 21 Nov 2005 18:52:58 -0600
> To: William Duke <wduke@cogeco.ca>
> Cc: port-macppc@NetBSD.org
> Subject: Re: Unofficial macppc 2.1 ISO for old world machines
> 
> On Mon, Nov 21, 2005 at 01:54:20PM -0500, William Duke wrote:
>> I meant the extra "security" mile.  I have no need for the extra security
>> since I'm on a closed network with virtually no chance of outside intrusion.
> 
> Ah... well, I think it's better to think of security as the baseline,
> rather than a nice extra option that you only turn on when you feel
> it's needed. So the question goes back to: Why use the insecure method
> when the secure method costs nothing extra? But as you point out, the
> secure method does have a cost...
> 

Yes, I suppose you are right, if you're wanting and/or needing to be overly
paranoid.  Perhaps if you were taking a stance against a commercial entity,
you might need to be paranoid.  For the most part, unless they're really out
to get you, or you've given them some reason to come after you, it's
generally not necessary to be overly paranoid.

If I were connecting to my machines over the Internet, I could understand
the necesity for ssh over telnet.  If I were running a corporate network or
any sensitive network where multiple people had access to some portion of
the network, I could understand the reasoning behind ssh versus telnet.  But
honestly, for me to use telnet in my setup, is about the same as scrambling
the video output of your vcr for transmission to your television.  While it
is probably the "right" thing to do, it's totally unnecessary.

I do agree with you on all of the points that you raise, I just don't think
that a secure shell is the best option for my particular situation.  If I
had security concerns to deal with, then ssh would be my choice.  Since I
don't have such security concerns, performance is my preference and,
therefore, telnet is my choice.  I realize and recognize that the
performance hit is minimal, but a minimal performance hit is a performance
hit nonetheless.

>> I suppose there's the performance argument.  Cleartext is processed much
>> quicker and requires fewer processor resources.
> 
> I agree that encryption uses more CPU, but is this a problem in
> practice? I run sshd on a 25MHz 68040, and have run it on a 25MHz
> 80386... On the '040, it takes about 30 seconds to get logged in, but
> after that, it's more than fast enough for me. My 60 wpm or so typing
> (usually much less than that when typing shell commands) and the few
> hundred bytes of response from those commands don't seem to be
> particularly taxing to the CPU :)