towards https everywhere and strict transport security

James A. Donald jamesd at echeque.com
Wed Aug 25 22:40:04 EDT 2010


On 2010-08-25 11:04 PM, Richard Salz wrote:
>> Also, note that HSTS is presently specific to HTTP. One could imagine
>> expressing a more generic "STS" policy for an entire site
>
> A really knowledgeable net-head told me the other day that the problem
> with SSL/TLS is that it has too many round-trips.  In fact, the RTT costs
> are now more prohibitive than the crypto costs.  I was quite surprised to
> hear this; he was stunned to find it out.


This is inherent in the layering approach - inherent in our current 
crypto architecture.

To avoid inordinate round trips, crypto has to be compiled into the 
application, has to be a source code library and application level 
protocol, rather than layers.

Every time you layer one communication protocol on top of another, you 
get another round trip.

When you layer application protocol on SSL on TCP on IP, you get round 
trips to set up TCP, and *then* round trips to set up SSL, *then* round 
trips to set up the application protocol.
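As an added illustration of the round-trip accounting above (not code from the thread), the model below counts one-way transits for the stack the post describes, TCP then a full TLS 1.2 handshake then an HTTP request, against a constructed sketch in which the first application request rides in the same flight as the key exchange. The flight sequences and the merged protocol are assumptions for the model; only the direction of each flight matters to the count.

```python
"""Added model (not from the thread) of why each protocol layer costs its own
round trips.  Layers run strictly in sequence: the upper layer's first flight
cannot leave until the layer beneath it has finished its handshake."""
from typing import List, Tuple

Flight = Tuple[str, str]            # ("c2s" | "s2c", label)

# Constructed flight sequences for the stack the post describes.
TCP: List[Flight] = [("c2s", "SYN"), ("s2c", "SYN-ACK"), ("c2s", "ACK")]
TLS12_FULL: List[Flight] = [
    ("c2s", "ClientHello"),
    ("s2c", "ServerHello ... ServerHelloDone"),
    ("c2s", "ClientKeyExchange, ChangeCipherSpec, Finished"),
    ("s2c", "ChangeCipherSpec, Finished"),
]
HTTP: List[Flight] = [("c2s", "GET /"), ("s2c", "200 OK")]

# Constructed sketch of what the post argues for: crypto compiled into the
# application protocol, so the first request travels with the key exchange
# and the reply returns with the server's key confirmation.  Not any
# specific real protocol.
APP_WITH_CRYPTO: List[Flight] = [("c2s", "key exchange + request"),
                                 ("s2c", "key confirmation + reply")]


def one_way_transits(layers: List[List[Flight]]) -> int:
    """Count one-way trips until the last flight arrives.  Consecutive flights
    in the same direction (e.g. TCP's ACK and TLS's ClientHello) share one
    transit, as real stacks send them back to back."""
    transits, last = 0, None
    for flights in layers:
        for direction, _ in flights:
            if direction != last:
                transits += 1
                last = direction
    return transits


def round_trips(layers: List[List[Flight]]) -> float:
    return one_way_transits(layers) / 2


def time_to_first_reply_ms(layers: List[List[Flight]], one_way_ms: float) -> float:
    return one_way_transits(layers) * one_way_ms


if __name__ == "__main__":
    print("layered  :", round_trips([TCP, TLS12_FULL, HTTP]), "RTT")  # 4.0
    print("compiled :", round_trips([TCP, APP_WITH_CRYPTO]), "RTT")   # 2.0
```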

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
