[MUD-Dev] SSH Encryption on data stream

Mike Shaver shaver at off.net
Wed Oct 15 18:57:29 CEST 2003


On Oct 10, Christopher Allen wrote:

> In game terms, if there is a blip in a major part of the net, or
> the game crashes, when it restarts every user is going to try to
> reestablish a connection to the server at roughly the same time,
> each requiring multiple public key operations, and bringing the
> server to a halt. In web transactions this is less of an issue
> because you don't have persistent connections, and those problems
> you do have can be addressed by load balancing the web servers.

I would think that a lack of persistent connections would _hurt_ and
not help the web case; you're going to get many SSL handshakes,
which are the expensive PKI part, while the persistent case will
likely do one handshake per client (rather than per request) to
negotiate a shared secret.  (Using the shared secret as the basis of
SSL-encrypted connection handoff, rather than renegotiating the
session key when flipping to a new server, might make the handoff
less painful, though I'm assuming that you don't really care about
the endpoint authentication characteristics of the protocol, and
just the data integrity and obscurity elements.  Or I guess you
could have a dedicated SSL machine that was just performing a
sustained MITM attack "against" your backend game servers, I
suppose, since you _probably_ trust the network at that point.)

It's been a while since I had to care about SSL at that level,
though, so I could be forgetting something key.  (Ahem.)

Mike
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev


