towards https everywhere and strict transport security (was: Has there been a change in US banking regulations recently?)
Richard Salz
rsalz at us.ibm.com
Wed Aug 25 09:04:20 EDT 2010

> Also, note that HSTS is presently specific to HTTP. One could imagine
> expressing a more generic "STS" policy for an entire site

A really knowledgeable net-head told me the other day that the problem
with SSL/TLS is that it has too many round-trips. In fact, the RTT costs
are now more prohibitive than the crypto costs. I was quite surprised to
hear this; he was stunned to find it out.

Look at the "tlsnextprotonec" IETF draft, the Google involvement in SPDY,
and perhaps this message as a jumping-off point for both:
http://web.archiveorange.com/archive/v/c2Jaqz6aELyC8Ec4SrLY

I was happy to see that the interest is in piggy-backing, not in changing
SSL/TLS.

/r$
--
STSM, WebSphere Appliance Architect
https://www.ibm.com/developerworks/mydeveloperworks/blogs/soma/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com