| 1 |
On Friday 12 November 2004 16:54, Brian G. Peterson wrote: |
| 2 |
> On Friday 12 November 2004 09:02 am, Dan Margolis wrote: |
| 3 |
> > Klaus Wagner wrote: |
| 4 |
> > > I think if the rsync mirrors are too stressed for signation, they would |
| 5 |
> > > be too stressed for rsync too, allthough rsync could be tunneled too. |
| 6 |
> > |
| 7 |
> > One of the suggestions we were kicking around was to use Stunnel to |
| 8 |
> > encrypt rsync over SSL. This, of course, fails to be as encompassing as |
| 9 |
> > the Final Solution involving GPG, but is suitable as a stopgap. We |
| 10 |
> > rejected it because of concern about server load on the mirrors, |
| 11 |
> > actually, since SSL does introduce some significant CPU overhead. |
| 12 |
> |
| 13 |
> wouldn't public-key rsync over ssh be a lower CPU load option than rsync |
| 14 |
> over SSL? This option would also be suitable as a 'secure rsync' method |
| 15 |
> for remote users, if you wanted to push it out that far. I can see how CPU |
| 16 |
> load for remote users to tunnel rsync over SSL or ssh, but the connection |
| 17 |
> between the Gentoo rsync master and the mirrors could be secured this way. |
| 18 |
|
| 19 |
The difference between ssh and ssl is very minimal in terms of performance, |
| 20 |
however ssl focusses on public services with public certificates, while ssh |
| 21 |
focusses on authenticated shell access to known users. The load difference |
| 22 |
should be minimal anyway, but ssh is not suitable for the public rsync |
| 23 |
service, for inter-mirror rsync it would be acceptable. |
| 24 |
|
| 25 |
Paul |
| 26 |
|
| 27 |
-- |
| 28 |
Paul de Vrieze |
| 29 |
Gentoo Developer |
| 30 |
Mail: pauldv@g.o |
| 31 |
Homepage: http://www.devrieze.net |
Archives