[erlang-questions] re crappy security (RE: Erlang presentation slides)

Ulf Wiger (TN/EAB) <>
Thu Jun 7 11:43:22 CEST 2007


Since that's a general question, you're 
likely to find several documents. I found the
following with a simple google search:

"A Technical Comparison of IPSec and SSL"
Alshamsi & Saito, Tokyo University of Technology
http://eprint.iacr.org/2004/314.pdf

The answer to the question is that it depends on
several factors. You will find them listed in the
paper. For example, IPSec supports compression, 
which can be quite beneficial in some cases, but 
interoperability seems much better with SSL.

I think the paper illustrates that there are
tradeoffs between security level and performance,
and that there isn't one single solution to 
security that is "best". Given that, the idea of 
achieving security via a VPN seems quite 
reasonable.

BR,
Ulf W

> -----Original Message-----
> From: Kirill Zaborski [mailto:] 
> Sent: den 7 juni 2007 11:30
> To: Ulf Wiger (TN/EAB)
> Cc: Fredrik Thulin; 
> Subject: Re: [erlang-questions] re crappy security (RE: 
> Erlang presentation slides)
> 
> But what about connection speed. Will IPSec be much quicker 
> than SSL or with a decent connection it doesn't really matter 
> for common Erlang applications?
> Has anyone done some measurements?
> 
> Regards,
> Kirill.
> 
> On 6/7/07, Ulf Wiger (TN/EAB) <> wrote:
> 
> > I didn't mention running distributed Erlang over ssl, since I was 
> > under the impression that it's not officially supported, 
> but perhaps 
> > it is?
> >
> > BR,
> > Ulf W
> >
> > > -----Original Message-----
> > > From: Fredrik Thulin [mailto:]
> > > Sent: den 7 juni 2007 10:17
> > > To: Ulf Wiger (TN/EAB)
> > > Cc: Toby DiPasquale; 
> > > Subject: Re: [erlang-questions] re crappy security (RE:
> > > Erlang presentation slides)
> > >
> > > Ulf Wiger (TN/EAB) wrote:
> > > >
> > > > Just one comment,
> > > >
> > > > It is often highlighted that Erlang's cookie-based security
> > > model is
> > > > not suitable for open networks (this is true), but it's 
> not often 
> > > > mentioned how easy it is to roll your own rpc on top of
> > > just about any
> > > > transport protocol.
> > >
> > > What's so crappy with shared secret if you use 
> -proto_dist inet_ssl?
> > >
> > > Or is the crap that you can execute arbitrary code on 
> remote nodes, 
> > > given that you know the shared secret? This I would agree with, I 
> > > think... It's a two edged sword.
> > >
> > > /Fredrik
> > >
> > >
> > _______________________________________________
> > erlang-questions mailing list
> > 
> > http://www.erlang.org/mailman/listinfo/erlang-questions
> >
> 



More information about the erlang-questions mailing list