towards https everywhere and strict transport security (was: Has there been a change in US banking regulations recently?)

Chris Palmer chris at noncombatant.org
Thu Aug 26 16:01:11 EDT 2010


Richard Salz writes:

> A really knowledgeable net-head told me the other day that the problem
> with SSL/TLS is that it has too many round-trips.  In fact, the RTT costs
> are now more prohibitive than the crypto costs.  I was quite surprised to
> hear this; he was stunned to find it out.

Cryptographic operations are measured in cycles (i.e. nanoseconds now);
network operations are measured in milliseconds. That should not be a
stunning surprise.

What is neither stunning nor surprising, but continually sad, is that web
developers don't measure anything. Predictably, web app performance is
unnecessarily terrible.

I once asked some developers why they couldn't use HTTPS. "Performance!" was
the cry.

"Ok," I said. "What is your performance target, and by how much does HTTPS
make you miss it? Maybe we can optimize something so you can afford HTTPS
again."

"As fast as possible!!!" was the response.

When I pointed out that their app sent AJAX requests and responses that were
tens or even hundreds of KB every couple seconds, and that as a result their
app was barely usable outside their LAN, I was met with blank stares.

Did they use HTTP persistent connections, TLS session resumption, text
content compression, maximize HTTP caching, ...? I think you can guess. :)

Efforts like SPDY are the natural progression of organizations like Google
*WHO HAVE ALREADY OPTIMIZED EVERYTHING ELSE*. Until you've optimized the
content and application layers, worrying about the transport layers makes no
sense. A bloated app will still be slow when transported over SPDY.

Developers are already under the dangerous misapprehension that "TLS is too
expensive". When they hear security experts and cryptographers mistakenly
agree, the idea will stick in their minds forever; we will have failed.

The problem comes from insufficiently broad understanding: the sysadmins
fiddle their kernel tuning knobs, the security people don't understand how
applications work, and the developers call malloc 5,000 times and perform
2,500 I/O ops just to print "Hello, World". The resulting software is
unsafe, slow, and too expensive.

---------------------------------------------------------------------
The Cryptography Mailing List
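
Added example, not part of the original post: a rough Python latency budget for the kind of measurement the message asks developers to make, comparing round trips, payload size and symmetric crypto cost against a target. The RTT, bandwidth and target figures, the constructed JSON payload, and the use of HMAC-SHA256 as a stand-in for TLS record protection are assumptions; round-trip counts are for TLS 1.2-era handshakes.

```python
import hashlib, hmac, json, time, zlib

# Round trips before the response arrives (TLS 1.2-era handshakes):
# TCP connect = 1, full TLS handshake = 2, resumed = 1, request/response = 1.
SCENARIOS = {
    "https, new connection, full handshake": 1 + 2 + 1,
    "https, new connection, resumed session": 1 + 1 + 1,
    "https, persistent connection": 1,
    "http, new connection": 1 + 1,
}

def sample_payload(rows=2000):
    """Constructed stand-in for a large, repetitive AJAX/JSON response."""
    items = [{"id": i, "status": "active", "owner": "user%d" % (i % 50),
              "note": "lorem ipsum dolor sit amet"} for i in range(rows)]
    return json.dumps(items).encode()

def crypto_ms(data, repeats=20):
    """Measured CPU cost per response; HMAC-SHA256 stands in for record protection."""
    key = b"\x01" * 32
    start = time.perf_counter()
    for _ in range(repeats):
        hmac.new(key, data, hashlib.sha256).digest()
    return (time.perf_counter() - start) * 1000 / repeats

def transfer_ms(nbytes, mbps):
    """Serialization time on the link; ignores TCP slow start (simplification)."""
    return nbytes * 8 / (mbps * 1000.0)

def budget(rtt_ms, mbps, target_ms):
    """Return (scenario, encoding, total_ms, meets_target) rows plus measured crypto ms."""
    raw = sample_payload()
    bodies = {"identity": raw, "deflate": zlib.compress(raw, 6)}
    cpu = crypto_ms(raw)
    rows = []
    for scenario, trips in SCENARIOS.items():
        for encoding, body in bodies.items():
            total = trips * rtt_ms + transfer_ms(len(body), mbps)
            if scenario.startswith("https"):
                total += cpu
            rows.append((scenario, encoding, round(total, 1), total <= target_ms))
    return rows, cpu

if __name__ == "__main__":
    rows, cpu = budget(rtt_ms=80, mbps=5, target_ms=300)  # hypothetical figures
    print("measured symmetric crypto per response: %.3f ms" % cpu)
    for row in rows:
        print("%-42s %-8s %8.1f ms  %s" % (row[0], row[1], row[2], "ok" if row[3] else "MISS"))
```

With these assumed figures the uncompressed payload misses the target even over plain HTTP, while a compressed response on a persistent HTTPS connection meets it.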