We had a discussion at the OAuth working group meeting about the worries people have with using TLS. Here is a relevant mail from a discussion around TCP crypt.
Begin forwarded message: > From: Eric Rescorla <e...@rtfm.com> > Date: July 28, 2011 10:53:00 AM EDT > To: tsv-a...@ietf.org > Subject: SSL/TLS Performance Data > > Re: Mark's comments about SSL/TLS performance versus tcpcrypt > performance, it's worth reading: > > http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html > > Relevant point: > > In January this year (2010), Gmail switched to using HTTPS for > everything by default. Previously it had been introduced as an option, > but now all of our users use HTTPS to secure their email between their > browsers and Google, all the time. In order to do this we had to > deploy no additional machines and no special hardware. On our > production frontend machines, SSL/TLS accounts for less than 1% of the > CPU load, less than 10KB of memory per connection and less than 2% of > network overhead. Many people believe that SSL takes a lot of CPU time > and we hope the above numbers (public for the first time) will help to > dispel that. > > > -Ekr _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
