[1115] in Kerberos_V5_Development
Re: OV admin system integration plan
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Mon May 6 11:19:19 1996
Date: Mon, 6 May 96 11:19:01 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: marc@MIT.EDU
Cc: don@cam.ov.com, krbdev@MIT.EDU
In-Reply-To: <199605060355.XAA07537@cutter-john.mit.edu> (message from Marc Horowitz on Sun, 05 May 1996 23:55:39 EDT)
I don't think performance in session key generation in the kdc is that
important.
I disagree. Performance, like spelling, always matters. As of beta 4
at least, a KDC could process only 4-5 transactions per second on an
SS2. That's humiliatingly slow. The reason it got that way is that
everyone kept rationalizing that "everything is fast compared to
encryption" but once you have a hundred such rationalizations the code
crawls.
Aren't fast software DES implementations capable of encrypting a few
hundred thousand bytes per second? That's a lot more than the 400-500
bytes our KDC can produce.
Barry
