[Cryptography] Cycles overhead for TLS

Ryan Carboni ryacko at gmail.com
Fri Sep 25 03:10:44 EDT 2015


On Thu, Sep 24, 2015 at 7:59 PM, Salz, Rich <rsalz at akamai.com> wrote:

> > Average webpage 2 MB.
> > Average US internet speed is ~12 Mbps.
> > Time to download the webpage: 1.3 seconds if you're sitting on top of
> > the server.
>
> I don't know what you're trying to say, but your basic concept is flawed.
> From what we see, the average site has 120 HTTP requests per page.
>
> Cellular latency (and the net is going mobile) is 5-10 times higher than
> your typical home wired network.
>
> Again, it's all about removing round-trips.  The CPU cost is noise.
>
>         /r$
>
> --
> Senior Architect, Akamai Technologies
> IM: richsalz at jabber.at Twitter: RichSalz
>


Minimum latency is 1.3 seconds, which is a noticeable amount of time? Once
the amount of time it takes to load something is noticeable, it's a
problem. I'm only talking about cost-benefits anyway, and there's a fixed
cost.

Typical home wired network? Surely you mean typical wireless home network?
5-10 milliseconds isn't the noticeable component of a problem. Not every
website is run by Google, who relentlessly optimize everything.

http://tools.pingdom.com/fpt/#!/enD7Zj/google.com

While downgrade attacks may be a problem (which is solved in TLS 1.3,
right?), authentication-only cipher suites being enabled on the client-end
would prevent man-in-the-middle attacks and allow for cache engines to work.

On another note, given the long lead times in deploying a new cryptographic
protocol, it might be best to include a post-quantum cipher in TLS 1.3.