Re: Strong Authentifikation

[Eric Rescorla <ekr@rtfm.com>]

[Resending because openldap-software bounced me as unsubscribed]

"Zamangoer, Ferruh" <ferruh.zamangoer@materna.de> writes:
> I want know what are advantages and disadvantages of different secure
> methods . Where can I read something about that. Currently I'am using SSL to
> secure my data over the network, it's really slow . But which advantages and
> disadvantages  have the SASL Framwork . Do anybody know, where I can find
> some Informations to compare security techniques. 

This is a rather open question.

The performance characteristics of any given security system
depend on the level of security you want. To a first order,
SSL is as fast as you can get if you want to do public key
key exchange. 

There are two primary performance issues:
(1) Connection overhead--the cost to establish a connection.
(2) Communications overhead--how much it slows down data
transfer.

Connection overhead is primarily determined by what form of
keying you use (asymmetric versus symmetric). Asymmetric is
slower but generally stronger.

Communications overhead is determined by whether you 
encrypt and authenticate the channel and which algorithms you use.

Since SASL supports a lot of different mechanisms, SASL performance
varies quite widely. The SASL mechanisms that are as secure as SSL are
no faster. On the other hand, if you're willing to live with a lower
security level (or if you have a lot of different authentication
mechanisms to support) than SASL may be better for you.

-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]
Author of "SSL and TLS: Designing and Building Secure Systems"
                  http://www.rtfm.com/