towards https everywhere and strict transport security (was: Has there been a change in US banking regulations recently?)

Richard Salz rsalz at
Wed Aug 25 09:04:20 EDT 2010

> Also, note that HSTS is presently specific to HTTP. One could imagine 
> expressing a more generic "STS" policy for an entire site

A really knowledgeable net-head told me the other day that the problem 
with SSL/TLS is that it has too many round-trips.  In fact, the RTT costs 
are now more prohibitive than the crypto costs.  I was quite surprised to 
hear this; he was stunned to find it out.

Look at the "tlsnextprotonec" IETF draft, the Google involvement in SPDY, 
and perhaps this message as a jumping-off point for both:

I was happy to see that the interest is in piggy-backing, not in changing 


STSM, WebSphere Appliance Architect

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list