[145736] in cryptography@c2.net mail archive


Re: towards https everywhere and strict transport security

daemon@ATHENA.MIT.EDU (James A. Donald)
Wed Aug 25 23:29:25 2010

Date: Thu, 26 Aug 2010 12:40:04 +1000
From: "James A. Donald" <jamesd@echeque.com>
Reply-To: jamesd@echeque.com
To: Richard Salz <rsalz@us.ibm.com>
CC: cryptography@metzdowd.com, =JeffH <Jeff.Hodges@KingsMountain.com>
In-Reply-To: <OF7CA25405.45F895BC-ON8525778A.00476B45-8525778A.0047CF0B@us.ibm.com>

On 2010-08-25 11:04 PM, Richard Salz wrote:
>> Also, note that HSTS is presently specific to HTTP. One could imagine
>> expressing a more generic "STS" policy for an entire site
>
> A really knowledgeable net-head told me the other day that the problem
> with SSL/TLS is that it has too many round-trips.  In fact, the RTT costs
> are now more prohibitive than the crypto costs.  I was quite surprised to
> hear this; he was stunned to find it out.


This is inherent in the layering approach - inherent in our current 
crypto architecture.

To avoid inordinate round trips, crypto has to be compiled into the 
application, has to be a source code library and application level 
protocol, rather than layers.

Every time you layer one communication protocol on top of another, you 
get another round trip.

When you layer application protocol on ssl on tcp on ip, you get round 
trips to set up tcp, and *then* round trips to set up ssl, *then* round 
trips to set up the application protocol.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
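The layering cost Donald describes, as an added example that is not part of the original thread: a small Python model that concatenates the per-layer handshake flights, coalesces consecutive same-direction flights (the TCP ACK carries the ClientHello; the TLS Finished carries the request) and counts round trips until the first application response lands. The TCP, TLS 1.2, TLS 1.3 and HTTP flight lists follow the standard handshakes; the "integrated" protocol is a hypothetical one constructed here to stand for crypto compiled into the application protocol, and it assumes the client already holds the server's static public key.

```python
"""Count the round trips a layered protocol stack needs before the first
application response arrives.  Each layer is a list of handshake flights
(direction, payload); stacking layers means one layer's handshake can only
start once the layer below has finished.  Consecutive flights in the same
direction travel in one hop (e.g. the TCP ACK carrying the ClientHello)."""

# Handshake flights per layer: 'c' = client -> server, 's' = server -> client.
TCP = [("c", "SYN"), ("s", "SYN-ACK"), ("c", "ACK")]
TLS12 = [("c", "ClientHello"), ("s", "ServerHello..ServerHelloDone"),
         ("c", "ClientKeyExchange+Finished"), ("s", "Finished")]
TLS13 = [("c", "ClientHello+KeyShare"), ("s", "ServerHello..Finished"),
         ("c", "Finished")]
HTTP = [("c", "GET /"), ("s", "200 OK")]
# Hypothetical "crypto compiled into the application" protocol (constructed for
# this example): the first flight carries the key agreement and the request,
# which assumes the client already knows the server's static public key.
INTEGRATED_APP = [("c", "KeyShare+encrypted GET /"), ("s", "encrypted 200 OK")]

def coalesce(flights):
    """Merge adjacent same-direction flights: they ride in one network hop."""
    merged = []
    for direction, payload in flights:
        if merged and merged[-1][0] == direction:
            merged[-1] = (direction, merged[-1][1] + " + " + payload)
        else:
            merged.append((direction, payload))
    return merged

def stack(*layers):
    """Layer protocols sequentially: concatenate handshakes, then coalesce."""
    return coalesce([flight for layer in layers for flight in layer])

def round_trips(flights):
    """Hops until the final server flight lands, expressed in RTTs."""
    return len(coalesce(flights)) / 2

def time_to_response_ms(flights, one_way_ms):
    """Wall-clock time to the first response byte at a given one-way delay."""
    return len(coalesce(flights)) * one_way_ms

if __name__ == "__main__":
    for name, s in [("TCP+HTTP", stack(TCP, HTTP)),
                    ("TCP+TLS1.2+HTTP", stack(TCP, TLS12, HTTP)),
                    ("TCP+TLS1.3+HTTP", stack(TCP, TLS13, HTTP)),
                    ("TCP+integrated app", stack(TCP, INTEGRATED_APP))]:
        print(f"{name:20s} {round_trips(s):.1f} RTT, "
              f"{time_to_response_ms(s, 50)} ms at 50 ms one-way")
        for d, p in s:
            print("   ", "C->S" if d == "c" else "S->C", p)
```

The model reproduces the per-layer cost Donald describes: TCP plus HTTP takes 2 RTTs, TLS 1.2 in between makes it 4, TLS 1.3 makes it 3, and a protocol whose first flight already carries the key agreement is back to 2.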
