[JDEV] Scaling

Jeremie jer at jeremie.com
Sun May 2 11:19:08 CDT 1999


> Do we have any kind of goals for what kind of client load we want the
> servers to be able to scale up to?  I'm wondering right now as I am doing
> a function in mod_digsig to generate a new key pair to be issued to a
> client (this is done one time; this basically gives them their
> public/private keypair they use from then on).  The default is 1024 bit
> (pretty sure; it's in the documentation somewhere...I seem to remember
> that's what the ElGamal default is) and takes anywhere from 2-9 seconds
> (rough measurement of me putting printf's before and after and counting
> out loud :), totally varying on the nature of what the key's components
> ended up being.  This is on a PPro 200.  Sure, issuing an initial key pair
> doesn't happen very much _per client_ (like just 1 time, basically), but
> if your servers are as heavily loaded as, say, icq.mirabilis.com, it might
> be an issue.  Also, I have yet to measure the time it takes to verify a
> signature, as a verification will happen at secure logins. (which will be
> a much more frequent occurence than key pair generation)

Right now that could be a performance issue, but that should be solved
before 1.0 since we are moving to a threaded model.  You should be able to
create a keygen thread and just queue up requests on it... this way if for
some reason 100 registration requests come in within a minute you won't
overload the server, it will just take some time before the last ones get
their key.

The goal right now is to make everything functional on a small scale and
stabalize the APIs, then focus will shift onto threads/performance as the
rest of the world starts building up transports, modules, and clients.

> Also, as far as legality, does anyone know how this works...with cryptlib
> being developed offshore (New Zealand)...so I have it on my machine
> now...is it illegal for me to give this code to someone who is offshore
> (even though it was developed offshore as well)? (in other words, do I
> have to restrict access to this code, or is it wide open?)

IANAL, so I can't help ya much there :)

Jer




More information about the JDev mailing list