towards https everywhere and strict transport security

James A. Donald jamesd at
Wed Aug 25 22:40:04 EDT 2010

On 2010-08-25 11:04 PM, Richard Salz wrote:
>> Also, note that HSTS is presently specific to HTTP. One could imagine
>> expressing a more generic "STS" policy for an entire site
> A really knowledgeable net-head told me the other day that the problem
> with SSL/TLS is that it has too many round-trips.  In fact, the RTT costs
> are now more prohibitive than the crypto costs.  I was quite surprised to
> hear this; he was stunned to find it out.

This is inherent in the layering approach - inherent in our current 
crypto architecture.

To avoid inordinate round trips, crypto has to be compiled into the 
application, has to be a source code library and application level 
protocol, rather than layers.

Every time you layer one communication protocol on top of another, you 
get another round trip.

When you layer application protocol on ssl on tcp on ip, you get round 
trips to set up tcp, and *then* round trips to set up ssl, *then* round 
trips to set up the application protocol.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list