[145731] in cryptography@c2.net mail archive
Re: towards https everywhere and strict transport security (was: Has there
daemon@ATHENA.MIT.EDU (Richard Salz)
Wed Aug 25 14:25:41 2010
In-Reply-To: <4C744F08.5030107@KingsMountain.com>
To: cryptography@metzdowd.com
Cc: =JeffH <Jeff.Hodges@KingsMountain.com>
From: Richard Salz <rsalz@us.ibm.com>
Date: Wed, 25 Aug 2010 09:04:20 -0400
> Also, note that HSTS is presently specific to HTTP. One could imagine
> expressing a more generic "STS" policy for an entire site

A really knowledgeable net-head told me the other day that the problem
with SSL/TLS is that it has too many round-trips. In fact, the RTT costs
are now more prohibitive than the crypto costs. I was quite surprised to
hear this; he was stunned to find it out.

Look at the "tlsnextprotoneg" IETF draft, the Google involvement in SPDY,
and perhaps this message as a jumping-off point for both:
http://web.archiveorange.com/archive/v/c2Jaqz6aELyC8Ec4SrLY

I was happy to see that the interest is in piggy-backing, not in changing
SSL/TLS.

/r$
--
STSM, WebSphere Appliance Architect
https://www.ibm.com/developerworks/mydeveloperworks/blogs/soma/