Security and latency
The downside of things like OpenSSH certificates, Kerberos, and SSL is that the connection setup time will take longer; so, in most cases, you'll want to establish a connection and hold it open before you actually need it. That way you aren't constantly handling the cost of setup and teardown. Although this approach is suitable for things like connecting to remote message queues and file servers, it can pose a problem if you need a large number of clients to connect to a large number of servers. In that case, you might want to investigate hardening the perimeter and removing authentication entirely to speed things up.
September 2013 Issue 154 linux-magazine.com | Linuxpromagazine.com
Kurt Seifried is an Information Security Consultant specializing in Linux and networks since 1996. He often wonders how it is that technology works on a large scale but often fails on a small scale.
Buy this article as PDF
Kernel king admits his tone has alienated volunteers, but says the demands of the process require directness.
New flaw in an old encryption scheme leaves the experts scrambling to disable SSL 3
Lennart Poettering wants to change the way Linux developers talk to each other.
Enterprise giant frees itself from ink and home PCs (and visa versa).
Mozilla’s product think tank sinks silently into history.
TODO group will focus on open source tools in large-scale environments.
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.