On Thu, 30 Sep 2010, Thor Lancelot Simon wrote:
That would only happen if we (as security experts) allowed web developers to
believe that the speed of RSA is the limiting factor for web application
performance.
At 1024 bits, it is not. But you are looking at a factor of *9* increase
in computational cost when you go immediately to 2048 bits. At that point,
the bottleneck for many applications shifts, particularly those which are
served by offload engines specifically to move the bottleneck so it's not
RSA in the first place.
I'm sure its nothing compared to the 3 layers of url shorter redirects and
their latency :P
Also, consider devices such as deep-inspection firewalls or application
traffic managers which must by their nature offload SSL processing in
order to inspect and possibly modify data
You mean it will be harder for MITM attacks on SSL. Isn't that a good thing? :P
This too will hinder the deployment of "SSL everywhere", and handwaving
about how for some particular application, the bottleneck won't be at
the front-end server even if it is an order of magnitude slower for it
to do the RSA operation itself will not make that problem go away.
The SSL everywhere problem has been a political one, not a technical one.
I am sure the "free market" can deal with putting SSL everywhere, if that
expectation has come from every internet user - instead of that internet
user clicking away many warnings about self signed certs, redirects and
SSL man-in-the-middle "protection".
Paul
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
