Pascal Hambourg wrote:
> On 18/06/2016 18:19, Dan Purgert wrote:
>> Pascal Hambourg wrote:
>>> On 17/06/2016 21:52, Jochen Spieker wrote:
>>>> Pascal Hambourg:
>>>>>
>>>>> Hmm. I don't know how SSL works, but HTTPS runs on top of TCP so I doubt
>>>>> that it cares about IP packet size. The task of splitting the TCP payload
>>>>> stream into IP packets is done by the TCP layer.
>>>>
>>>> Sure, but if your encryption scheme wastes payload in your packets you
>>>> have more overhead for TCP/IP headers in each packet.
>>>
>>> Why would encryption increase the payload size?
>>> Disk encryption with dm-crypt does not (except for the LUKS header).
>>
>> Because most encryption schemes use a standard blocksize (let's say 64
>> bytes), and those 'encrypted blocks' do not fit well into the max
>> payload size of a packet.
>>
>> More packets = more overhead.
>
> Again, why would whole encrypted blocks need to fit in packets? TCP is
> a stream-oriented transport protocol, so the encryption block size and
> boundary does not matter.

Because the TCP "stream" is still encapsulated in IP packets / Ethernet
frames, and you cannot simply "break" an encrypted block at some
arbitrary point in order to make it fit nicely in the packet / frame.

-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O|
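
Added example, not part of the thread: it measures the two quantities under discussion, the bytes that block padding and record framing add to a payload, and how the resulting byte stream maps onto TCP segments and is reassembled by the receiver. Assumptions (not from the thread): a TLS 1.2 style CBC record with a 16-byte block, a 20-byte HMAC-SHA1 tag and minimal padding, an MSS of 1460 bytes, and 40 bytes of IPv4 + TCP headers per segment; record bodies are constructed filler, not real ciphertext.

```python
import struct

MSS = 1460            # assumed TCP payload per segment (1500-byte MTU)
TCPIP_HDR = 40        # assumed IPv4 + TCP headers, no options
BLOCK, MAC = 16, 20   # assumed cipher block size and MAC tag length
MAX_FRAG = 16384      # maximum plaintext bytes per TLS record
HDR = struct.Struct("!BHH")  # record header: type, version, body length

def record_body_len(n):
    """Body length for n plaintext bytes: IV + (data + MAC + pad-length byte),
    with the second part rounded up to a whole number of cipher blocks."""
    inner = n + MAC + 1
    return BLOCK + -(-inner // BLOCK) * BLOCK

def build_stream(total):
    """Frame `total` plaintext bytes as records with zero-filled bodies."""
    out = bytearray()
    while total > 0:
        n = min(total, MAX_FRAG)
        body = bytes(record_body_len(n))      # constructed filler
        out += HDR.pack(23, 0x0303, len(body)) + body
        total -= n
    return bytes(out)

def segment(stream, mss=MSS):
    """Sender side: TCP cuts the byte stream every `mss` bytes."""
    return [stream[i:i + mss] for i in range(0, len(stream), mss)]

def reassemble(segments):
    """Receiver side: buffer payloads, release a record once it is complete."""
    buf, bodies = bytearray(), []
    for seg in segments:
        buf += seg
        while len(buf) >= HDR.size:
            length = HDR.unpack(buf[:HDR.size])[2]
            if len(buf) < HDR.size + length:
                break                          # record continues in next segment
            bodies.append(length)
            del buf[:HDR.size + length]
    return bodies, len(buf)

def report(total):
    stream = build_stream(total)
    segs = segment(stream)
    return {"plaintext": total, "on_stream": len(stream),
            "segments": len(segs), "segments_plain": -(-total // MSS),
            "wire_bytes": len(stream) + TCPIP_HDR * len(segs)}

if __name__ == "__main__":
    print(report(102200))
    print(reassemble(segment(build_stream(102200))))
```
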