Dutch Transport Card Broken

Eric Rescorla ekr at networkresonance.com
Wed Jan 30 10:10:13 EST 2008


At Wed, 30 Jan 2008 09:04:37 +1000,
James A. Donald wrote:
> 
> Ivan Krstic' wrote:
>  > Some number of these muppets approached me over the
>  > last couple of years offering to donate a free license
>  > for their excellent products. I used to be more polite
>  > about it, but nowadays I ask that they Google the
>  > famous Gutmann Sound Wave Therapy[0] and mail me
>  > afterwards.
> 
>   Gutmann Sound Wave Therapy: Gutmann recommends:
> : :	Whenever someone thinks that they can replace
> : :	SSL/SSH with something much better that they
> : :	designed this morning over coffee, their
> : :	computer speakers should generate some sort
> : :	of penis-shaped sound wave and plunge it
> : :	repeatedly into their skulls until they
> : :	achieve enlightenment.
> 
> On SSL, Gutmann is half wrong:
> 
> SSL key distribution and management is horribly broken,
> with the result that everyone winds up using plaintext
> when they should not.
> 
> SSL is layered on top of TCP, and then one layers one's
> actual protocol on top of SSL, with the result that a
> transaction involves a painfully large number of round
> trips.
>
> We really do need to reinvent and replace SSL/TCP,
> though doing it right is a hard problem that takes more
> than morning coffee.

I can't believe I'm getting into this with James.

Ignoring the technical question of "broken", I know of no evidence
whatsoever that round trip latency is in any way a limiting factor for
people to use SSL/TLS.  I've heard of people resisting using SSL for
performance concerns, but they're almost always about the RSA
operation on the server (and hence the cost of server hardware).

If you have some evidence I'd be interested in hearing it.

-Ekr

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


