Re: Why SFTP performance sucks, and how to fix it

To: "Joel N. Weber II" <ietf-secsh%joelweber.com@localhost>
Subject: Re: Why SFTP performance sucks, and how to fix it
From: Nicolas Williams <Nicolas.Williams%sun.com@localhost>
Date: Tue, 8 Jul 2003 15:22:31 -0700

[OT]

On Tue, Jul 08, 2003 at 06:13:29PM -0400, Joel N. Weber II wrote:
> Unless you can get into a state where the server thinks that key
> exchange was successful and the client thinks it was unsuccessful, or
> vice versa, I'm not sure why this actually becomes a problem.
> 
> The places key exchange can fail when both sides support the same
> algorithm, assuming the connection doesn't break and you don't have a
> man in the middle:
> 
> 1) GSSAPI failures, which generally are going to happen early in the
>    process, before you successfully transfer your large numbers (since
>    the public diffie-hellman numbers get encrypted with GSSAPI).

I've experienced this one enough times (for a variety of reasons) that
I've wished that the client could then re-try w/o gss keyex.

Cheers,

Nico
--

References:
- Why SFTP performance sucks, and how to fix it
  - From: Peter Gutmann
- Re: Why SFTP performance sucks, and how to fix it
  - From: Nicolas Williams
- Re: Why SFTP performance sucks, and how to fix it
  - From: Joel N. Weber II

Prev by Date: Re: Why SFTP performance sucks, and how to fix it
Next by Date: Re: Why SFTP performance sucks, and how to fix it
Previous by Thread: Re: Why SFTP performance sucks, and how to fix it
Next by Thread: retrying keyex (was: Re: Why SFTP performance sucks, and how to fix it)
Indexes:

Home | Main Index | Thread Index | Old Index