[linux-elitists] Pompous Top 10 List

Choong Ng choong@ssc.com
Thu Jun 14 15:10:33 PDT 2001


> > and the VPN is doing crypto as well as NAT, it might be slower, because
> > you're getting double-encrypted.
> > 
> 
> That's true.  I wonder if a crypted VPN could detect encrypted traffic
> and just flag it to leave it alone.  Or would this not be desirable?

Two points:

 1) Computers are so fast now that you'd hardly notice the difference
    except in really high-bandwidth applications.

 2) Just telling the outside world what you're running through your
    tunnel (by exposing the contents, encrypted or not) is a bad idea
    for the same reason that allowing your internal namespace to 
    resolve from the outside is a bad idea: Even though it doesn't
    directly compromise a machine, it does leak potentially dangerous
    information.

My $.02
 -Choong


