Why TLS doesn't replace VPN for Enterprise customers

If you can establish a TLS connection to your enterprise remotely, then why do you need VPN/IPSEC? Given that any TCP-based protocol can be run over TLS, it would seem that the ubiquitous support for TLS has solved our remote access end-to-end security problems.


Limitations of IP Multicasting

For a long time there has been the distant promise that someday we would all just use IP multicasting for distributing content through the Internet. The idea that one could send a packet to one address and have it magically appear at multiple destinations was a compelling one. However, IP Multicast has never taken off outside of Intranets. I believe that the fundamental reason for IP Multicast's failure to reach its promised potential is that IP Multicast does not scale very well. Specifically, each router on the distribution path of an IP Multicast must allocate memory to remember that multicast for the length of the multicast session. This means that as the number of multicast sessions that cross that router grows, so will the amount of memory the router has to allocate. While the rate of increase of multicast sessions is exponential, the rate of increase of memory required is linear.


Security/Performance/Reliability (SPR) and the Myth of Experts

It begins when management realizes that a systemic problem exists in the software they are developing, usually security, performance or reliability (SPR) related. Management gets worried and decides to bring in an expert, a guru who is to fix the problem.
