Since starting to use Kerberos, which provides the option to encrypt rlogin sessions at the application layer, we noticed that using encryption caused a severe performance impact for interactive applications across dial-up lines, e.g., even 14.4kbps line using PPP.
To investigate the impact of the move to more Internet-wide use of end-to-end encryption, we took measurements to verify the source of the problem. We found a clearly non-synergistic interaction between the application, transport, and lower network layers. Although the issue became visible to us with Kerberos, it is a generic problem of performing compression and encryption in the right order. Since encryption is inherently a randomization process, it is clear that trying to compress after performing encryption will yield suboptimal results. However, many applications perform encryption at higher layers without first performing compression, leaving lower layers (e.g., modems) unable to effectively compress data before transmission. We modified the Kerberized rlogin ( klogin) to accommodate the situation, and will make the modifications publicly available .