Subject Re: [Firebird-Architect] Re: Crypto Extentions to Remote Protocol
Author Mark O'Donohue
Hi Roman


>
> So my suggestion would be to forget performance improvement for now
> and concentrate on security. Jim's approach is nice, however requires
> more coding compared to simply using SSL. For now I'm in favor of SSL,
> but if somebody demonstrates to me that SSL is much slower compared to
> encrypting the single packets, I am ready to implement the new scheme in
> JayBird.
>

Don't get me wrong, I think we should support tunnelling over SSL (I do
like the postgres mode that detects SSL straight from the input stream).

But in addition some (hopefully minor) changes to a v2 wire protocol
could give us the ability to have better session validation, auth
schemes, and password management even for clear connections.

Fortunately however, ZeBeeDee and ssh tunnelling already work well and
are supported if a secure connection is needed :-).


Cheers

Mark

PS: Sorry for the brief answer, you (as always) put your case well, and
there were lots of points to comment on, but unfortunately I'm slow at
typing email and don't have much time. Hopefully however this answers
the core of your question.