[114443] in cryptography@c2.net mail archive

Re: Dutch Transport Card Broken

daemon@ATHENA.MIT.EDU (Nicolas Williams)
Fri Feb 1 14:46:01 2008

Date: Fri, 1 Feb 2008 11:05:38 -0600
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: "James A. Donald" <jamesd@echeque.com>
Cc: "'Cryptography'" <cryptography@metzdowd.com>
In-Reply-To: <47A2D739.1070808@echeque.com>

On Fri, Feb 01, 2008 at 06:24:25PM +1000, James A. Donald wrote:
> You are asking for a layered design that works better than the existing 
> layered design.  My claim is that you get an additional round trip for 
> each layer - which your examples have just demonstrated.
> 
> SSL has to be on top of a reliable transport layer, hence has to have an 
> extra round trip.  I was not proposing something better *for* SSL, I was 
> proposing something better *instead* *of* SSL.  If one takes SSL as a 
> given, then indeed, *three* round trips are needed before the client can 
> send any actual data - which is precisely my objection to SSL.

What, specifically, are you proposing?  Running the web over UDP?
That's the only alternative that I can see short of modifying TCP or
IPsec.  I doubt any of those three will take the web world by storm, but
HTTP over DTLS over UDP would have to be least unlikely, and even then,
I strongly doubt it.

I think we'll just have to deal with those round-trips.  As long as
there be plenty of other, cheaper or more practical ways to improve web
app performance, that's all we're likely to see pursued.

Nico
-- 
