Since starting to use
Kerberos,
which provides the
option to encrypt rlogin
sessions at the application
layer, we noticed that using encryption
caused a severe performance impact
for interactive applications
across dial-up lines, e.g.,
even 14.4kbps line using PPP.
To investigate the impact of the move
to more Internet-wide use of
end-to-end encryption,
we took measurements to verify the
source of the problem.
We found a clearly non-synergistic
interaction between the application,
transport, and lower network layers.
Although the issue became
visible to us with Kerberos, it is a
generic problem of performing
compression and encryption
in the right order. Since encryption
is inherently a randomization process,
it is clear that trying to compress
after performing encryption will yield
suboptimal results.
However, many applications
perform encryption at higher layers
without first performing compression,
leaving lower layers (e.g., modems)
unable to effectively compress data before
transmission.
We modified the Kerberized
rlogin ( klogin)
to accommodate the situation,
and will make the modifications
publicly available [2].