[114417] in cryptography@c2.net mail archive

Re: Dutch Transport Card Broken

daemon@ATHENA.MIT.EDU (Victor Duchovni)
Fri Feb 1 09:18:37 2008

Date: Thu, 31 Jan 2008 23:12:45 -0500
From: Victor Duchovni <Victor.Duchovni@MorganStanley.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: cryptography@metzdowd.com
Mail-Followup-To: Peter Gutmann <pgut001@cs.auckland.ac.nz>,
	cryptography@metzdowd.com
In-Reply-To: <E1JKjYj-0001It-Pp@wintermute01.cs.auckland.ac.nz>

On Fri, Feb 01, 2008 at 01:15:09PM +1300, Peter Gutmann wrote:

> Victor Duchovni <Victor.Duchovni@MorganStanley.com> writes:
> 
> >Jumping in late, but the idea that *TCP* (and not TLS protocol design) adds
> >round-trips to SSL warrants some evidence (it is very tempting to express this
> >skepticism more bluntly).
> 
> If anyone's interested, I did an analysis of this sort of thing in an
> unpublished draft "Performance Characteristics of Application-level Security
> Protocols", http://www.cs.auckland.ac.nz/~pgut001/pubs/app_sec.pdf.  It
> compares (among other things) the cost in RTT of several variations of SSL and
> SSH.  It's not the TCP RTTs that hurt, it's all the handshaking that takes
> place during the crypto connect.  SSH is particularly bad in this regard.

Thanks, an excellent reference! Section 6.2 is most enlightening; we were
already considering adopting HPN fixes in the internal OpenSSH deployment,
this provides solid material to motivate the work...

-- 

 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
