On 2013-10-11 15:48, ianG wrote:
Right now we've got a TCP startup, and a TLS startup. It's pretty
messy. Adding another startup inside isn't likely to gain popularity.
The problem is that layering creates round trips, and as cpus get ever
faster, and pipes ever fatter, round trips become a bigger an bigger
problem. Legend has it that each additional round trip decreases usage
of your web site by twenty percent, though I am unaware of any evidence
on this.
(Which was one thing that suggests a redesign of TLS -- to integrate
back into IP layer and replace/augment TCP directly. Back in those
days we -- they -- didn't know enough to do an integrated security
protocol. But these days we do, I'd suggest, or we know enough to
give it a try.)
TCP provides eight bits of protocol negotiation, which results in
multiple layers of protocol negotiation on top.
Ideally, we should extend the protocol negotiation and do crypto
negotiation at the same time.
But, I would like to see some research on how evil round trips really are.
I notice that bank web pages take an unholy long time to come up,
probably because one secure we page loads another, and that then loads a
script, etc.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
