On Sun, May 14, 2006 at 05:29:30PM -0700, Kyle Hamilton wrote:

>  as has been mentioned before, premature
> optimization is the root of all evil.  Write the code, determine the
> bottlenecks with a profiler, and optimize them.  Most of the time
> you'll find the bottlenecks aren't in the SSL/TLS layer at all.

One does however need to somehow find the right security framework for
the application, not so much based on performance guesses, but based on
suitability of the framework to the target environment and threat model.

Here, one needs to compare Kerberos (used directly or via SASL), with
OpenSSL. Kerberos is a better fit *within* organizations, provided
the organization is prepared to field some KDCs and enroll all the
required principals. TLS with X.509 is typically more suitable in
inter-organizational deployments.

The real security of the system is much more dependent on how it is
administered than the underlying technology (barring serious technical
errors). The primary selection criterion is finding a good fit for the
real-life processes the users will engage in.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
