Date: Tue, 10 Nov 2015 17:41:02 -0800 From: John-Mark Gurney <jmg@funkthat.com> To: Bryan Drewery <bdrewery@FreeBSD.org> Cc: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= <des@des.no>, freebsd-current@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: OpenSSH HPN Message-ID: <20151111014102.GQ65715@funkthat.com> In-Reply-To: <56428C84.8050600@FreeBSD.org> References: <86io5a9ome.fsf@desk.des.no> <20151110175216.GN65715@funkthat.com> <56428C84.8050600@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Bryan Drewery wrote this message on Tue, Nov 10, 2015 at 16:32 -0800:
> On 11/10/15 9:52 AM, John-Mark Gurney wrote:
> > My vote is to remove the HPN patches. First, the NONE cipher made more
> > sense back when we didn't have AES-NI widely available, and you were
> > seriously limited by it's performance. Now we have both aes-gcm and
> > chacha-poly which it's performance should be more than acceptable for
> > today's uses (i.e. cipher performance is 2GB/sec+).
>
> AES-NI doesn't help the absurdity of double-encrypting when using scp or
> rsync/ssh over an encrypted VPN, which is where NONE makes sense to use
> for me.
Different layers of protection...
Do you disable all encryption when you're transiting trusted networks
like your VPN? If you don't, why is that ssh session so special?
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151111014102.GQ65715>