[Cryptography] [cryptography] Is it time for a revolution to replace TLS?

Anne & Lynn Wheeler lynn at garlic.com
Mon May 19 00:02:05 EDT 2014


On 05/18/14 15:14, John Kemp wrote:
> Do you mean the basics of network protocols, or the basics of HTTP itself?
> HTTP _depends_ on network datagrams (UDP) vs. streams (TCP)
> but does not itself have such a semantic ingrained (although mostly it
> trades in request response patterns of some kind).

while HTTP was supposedly an atomic UDP-like protocol ... it was built
on TCP ... which would provide retry ... and browsers wouldn't have
to.

This caused a whole lot of problems ... TCP session close has a FINWAIT
list of recently closed sessions to catch possibly dangling packets
arriving after session close. This was being processed linearly ...
the original implementation assumed a very small number of session
closes in FINWAIT. The use of TCP by HTTP exploded the number
of session closes on the FINWAIT list. Scaleup of early webservers
was finding they were spending 95-99% of their time running the FINWAIT
list. NETSCAPE itself had a rapidly expanding number of webservers to
handle the load ... until it got a sequent server ... which had
dealt with the FINWAIT problem when they had customers with 20,000 telnet
sessions and a growing FINWAIT problem. It was another six months
or so before the other vendors came out with a rewrite of FINWAIT
handling for the (mis-)use of TCP by HTTP (during which time
webservers went through a mini-crisis).

TCP has a minimum 7-packet exchange for a session (besides the
FINWAIT issue). VMTP had defined a minimum 5-packet exchange
for reliable operation. In a prior life I was on the XTP technical
advisory board that defined a minimum 3-packet exchange for
reliable operation.

I hypothesized webservers registering their public keys with the
domain infrastructure (at the same time as domain registration).
DNSSEC would have the option to return any optional public key
with the ip-address lookup response. Then HTTPS/SSL-light could be
done on XTP by piggybacking the symmetric key (encrypted with the server's
public key) with the initial encrypted data.

-- 
virtualization experience starting Jan1968, online at home since Mar1970
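The "SSL-light" exchange sketched in the post, as an added example that is not part of the original message or of any project the poster describes: a simulated DNS zone hands the client a server public key (standing in for the DNSSEC-returned record), the client wraps a fresh symmetric key under that public key and piggybacks its first request, encrypted under the symmetric key, in the very first packet. The zone map, the `FirstPacket` layout, the OAEP label and the hostname `www.example.test` are all constructed for this example; RSA-OAEP and AES-GCM are used as concrete stand-ins for the unspecified public-key and symmetric primitives.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// zone simulates the DNS lookup response carrying an optional public key.
// Constructed for this example: a real deployment would authenticate the
// record with DNSSEC signatures, which are out of scope here.
type zone map[string]*rsa.PublicKey

// oaepLabel is an assumed domain-separation label for the key wrap.
var oaepLabel = []byte("ssl-light-keywrap")

// FirstPacket is the single client->server message: the symmetric key
// wrapped under the server's public key plus the first request sealed
// under that symmetric key. Data flows before any round trip completes.
type FirstPacket struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// aead derives an AES-256-GCM instance from the 32-byte session key.
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// clientHello looks the host up in the zone, generates a session key, wraps
// it under the published public key and seals the first request. The
// wrapped key is bound into the GCM tag as associated data so neither
// field can be swapped independently.
func clientHello(z zone, host string, request []byte) (*FirstPacket, []byte, error) {
	pub, ok := z[host]
	if !ok {
		return nil, nil, errors.New("no public key published for " + host)
	}
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, oaepLabel)
	if err != nil {
		return nil, nil, err
	}
	gcm, err := aead(key)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	ct := gcm.Seal(nil, nonce, request, wrapped)
	return &FirstPacket{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, key, nil
}

// serverAccept unwraps the session key with the server's private key and
// opens the piggybacked request; any tampering fails authentication.
func serverAccept(priv *rsa.PrivateKey, p *FirstPacket) ([]byte, []byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, p.WrappedKey, oaepLabel)
	if err != nil {
		return nil, nil, err
	}
	gcm, err := aead(key)
	if err != nil {
		return nil, nil, err
	}
	request, err := gcm.Open(nil, p.Nonce, p.Ciphertext, p.WrappedKey)
	if err != nil {
		return nil, nil, err
	}
	return request, key, nil
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	z := zone{"www.example.test": &priv.PublicKey} // constructed DNS record
	pkt, _, err := clientHello(z, "www.example.test", []byte("GET / HTTP/1.0"))
	if err != nil {
		panic(err)
	}
	req, _, err := serverAccept(priv, pkt)
	if err != nil {
		panic(err)
	}
	fmt.Printf("server received %q in the first packet\n", req)
}
```

Two properties of the post's design that the example makes visible: the client never waits for a server message before sending data (the whole handshake is the one `FirstPacket`), and the security of that first packet rests entirely on the zone returning the right public key, which is exactly why the post ties it to DNSSEC. A long-lived server key wrapped this way also gives no forward secrecy, the trade made for the shorter exchange.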


