[linux-elitists] Pompous Top 10 List

Heather star@betelgeuse.starshine.org
Fri Jun 15 00:47:10 PDT 2001


> > > and the VPN is doing crypto as well as NAT, it might be slower, because
> > > you're getting double-encrypted.
> > > 
> > 
> > That's true.  I wonder if a crypted VPN could detect encrypted traffic
> > and just flag it to leave it alone.  Or would this not be desirable?
> 
> Two points:
> 
>  1) Computers are so fast now that you'd hardly notice the difference
>     except in really high-bandwidth applications.

I use tunneled X sometimes, and believe me - you notice!  Recognize any
of these?

	"No one will ever use 640 k, much less a megabyte"

	"There's a total world market for 5, maybe 10 computers"

Established technology tends to persist in the face of new technology.
		-- G. Blaauw, one of the designers of System 360

There are two kinds of fool. One says, "This is old, and therefore good."
And one says, "This is new, and therefore better"
                -- John Brunner, "The Shockwave Rider"

Just because *your* computers are fast - even if you own both ends - doesn't
mean all the hops in between are.

>  2) Just telling the outside world what you're running through your
>     tunnel (by exposing the contents, encrypted or not) is a bad idea
>     for the same reason that allowing your internal namespace to 
>     resolve from the outside is a bad idea: Even though it doesn't
>     directly compromise a machine, it does leak potentially dangerous
>     information.

Yes.

Another matter is if there's some "flag me as okay to expose" -- then sure
as caffeine is addictive, some script kiddie will find a way to abuse it.

* Heather * The best way to keep a secret is for it not to be known that
            there is a secret.


