Dutch Transport Card Broken
Victor Duchovni
Victor.Duchovni at MorganStanley.com
Wed Jan 30 14:47:46 EST 2008
On Wed, Jan 30, 2008 at 06:08:37PM -0000, Dave Korn wrote:
> On 30 January 2008 17:01, Jim Cheesman wrote:
>
> > James A. Donald:
> >>>> SSL is layered on top of TCP, and then one layers
> >>>> one's actual protocol on top of SSL, with the result
> >>>> that a transaction involves a painfully large number
> >>>> of round trips.
Jumping in late, but the idea that *TCP* (and not TLS protocol design)
adds round-trips to SSL warrants some evidence (it is very temping to
express this skepticism more bluntly).
With unextended SMTP for example, the minimum RTT count is:
0. SYN SYN-ACK
1. ACK 220
2. HELO 250
3. MAIL 250
4. RCPT 250
... n recipients
RCPT 250
4+n DATA 354
5+n ... stream of message content segments <CRLF.CRLF>
250
so it takes at least 6 RTTs to perform a delivery (of a short
single-recipient message), but only 1 of the 6 RTTs is TCP
"overhead". This is improved with PIPELINING:
0. SYN SYN-ACK
1. ACK 220
2. EHLO 250 ... PIPELINING ...
3. MAIL RCPT(n times) DATA 250 250 (n times) 354
4. ... stream of message content segments <CRLF.CRLF>
250
Here the application protocol is pipelined, and 5+n RTTs becomes 4 RTTs.
The solution is not replacing TCP, but reducing the number of lock-step
interactions in the application protocol.
If someone has a faster than 3-way handshake connection establishment
protocol that SSL could leverage instead of TCP, please explain the
design.
The TCP handshake adds a 1-RTT delay at the start of the connection.
What 0-RTT algorithm will allow the server to delay creating expensive
connections to clients until the client acks the server response or
discover the MSS before sending the first segment? With TCP, at least
SYN floods require unspoofed client IPs.
Most of the application protocols we wrap in TLS are not DNS. Sure if
you can guarantee a single packet response to a single packet request,
TCP is not the answer. Otherwise, claiming that SSL is less efficient
over TCP smacks of arrogance.
--
/"\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL Morgan Stanley confidentiality or privilege,
and use is prohibited.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list