Itamar Shtull-Trauring wrote:
Toby Dickenson wrote:
but ssh port forwarding is only one layer of TCP. ssh port forwarding is good.
I'm pretty sure it's TCP over TCP (ssh protocol does multiplexing). SSL OTOH is not TCP over TCP.
I think you are mistaken. :-) The site you referred to says that TCP over TCP is a bad idea because TCP always assumes an unreliable transport, and stacking the compensation results in excessive retries and a far less reliable connection. I agree, this is likely to be a problem.

But you don't need reliability compensation to multiplex. SSH assumes the transport layer is reliable. So an SSH tunnel and an SSL tunnel are virtually synonymous.

Now, if ZEO accepted SSL connections directly, it would be quite secure and easy to use. But an out-of-process SSL tunnel would suffer from exactly the same difficulties an SSH tunnel does. The Python standard library has good support for an SSL client but not for an SSL server.

Shane
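
The point about multiplexing without reliability compensation, sketched as an added example (not part of the original message, and not SSH's actual wire format): several logical channels share one reliable byte stream using only a channel id and a length per frame, with no sequence numbers, acknowledgements or retransmit timers. The header layout and the names `frame`, `Demux` and `demo` are assumptions made for illustration.

```python
import struct

# Constructed frame header: 4-byte channel id, 2-byte payload length.
# There are no sequence numbers, ACKs or timers: the underlying stream
# (one TCP connection) is assumed to already be reliable and ordered.
HEADER = struct.Struct("!IH")

def frame(channel, payload):
    """Wrap one chunk of a logical channel for the shared stream."""
    if len(payload) > 0xFFFF:
        raise ValueError("payload too large for one frame")
    return HEADER.pack(channel, len(payload)) + payload

class Demux:
    """Rebuild per-channel byte streams from arbitrary reads of the shared stream."""

    def __init__(self):
        self._buf = bytearray()
        self.channels = {}

    def feed(self, data):
        self._buf += data
        while len(self._buf) >= HEADER.size:
            channel, length = HEADER.unpack_from(self._buf)
            end = HEADER.size + length
            if len(self._buf) < end:
                break  # partial frame: wait for more bytes, never re-request
            chunk = self._buf[HEADER.size:end]
            self.channels.setdefault(channel, bytearray()).extend(chunk)
            del self._buf[:end]

def demo():
    # Constructed sample: two logical connections interleaved on one stream.
    wire = b"".join([
        frame(1, b"GET /a"), frame(2, b"hello "),
        frame(1, b" HTTP/1.0"), frame(2, b"world"),
    ])
    demux = Demux()
    # Deliver in awkward 5-byte reads, as a stream socket may split data anywhere.
    for i in range(0, len(wire), 5):
        demux.feed(wire[i:i + 5])
    return {ch: bytes(buf) for ch, buf in demux.channels.items()}

if __name__ == "__main__":
    print(demo())
```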