Message-ID: <3F203807.6010805@acm.org>
Date: Thu, 24 Jul 2003 12:48:23 -0700
From: Tim Kientzle
To: Dirk-Willem van Gulik
References: <20030724194228.P65000-100000@foem>
cc: Diomidis Spinellis
cc: Luigi Rizzo
cc: John-Mark Gurney
cc: freebsd-hackers@freebsd.org
Subject: Re: Network pipes

Dirk-Willem van Gulik wrote:
>>I think this should just be a utility like Luigi suggested. This will
>>help "solve" these problems.
>
> And in large part the traditional netpipe/socket tools in combination with
> the -L and -R flags of SSH solve these issues rather handily. And when
> used with ssh-keyagent rather nicely.

But piping GBs of data through an encrypted SSH
connection is still slow. The performance issues
the OP is trying to address are real.

Another approach would be to add a new option
to SSH so that it could encrypt only the initial
authentication, then pass data unencrypted after
that. This would go a long way to addressing
the performance concerns.

Tim