Hi

> > Your issue can be solved with the compression layer. The upgrading
> > problem really needs the additional data.
> 
> As said above, the only problem it solves is a "resource length" problem.
> That is, it only changes the lengths of the resources retrieved by the
> server. However, there still remains the problem of the <number of resources>
> retrieved, that is the number of TLS connections.

One connection may have more than one request.
You may possibly solve the "number of resources" by sending
0 (NULL) byte application data which is padded in the 
compression layer.

> Of course, compression algorithms are always good for providing short
> messages. But...I don't know if the compression algorithm is going to
> compress anything after all, because a number of resources retrieved in
> HTML pages are compressed already (gif and jpg images, for example). An
> empirical analysis of the compression ratios of web sites should be of
> great help in deciding if providing compression algorithms to the Web will
> be useful. Do you know somebody who has done this?

No. But as I've mentioned before, you may have different compression
levels (compress up to pad).

> Besides there is plenty of work to do yet, do you think that IETF will
> accept this as an Internet draft? I think yes because the
> draft-ietf-tls-http-upgrade-02.txt protocol is not implemented yet, and
> IETF accepted that. But I read that IETF prefers "proved" solutions. I
> don't have an implementation for this (yet). What do you think?

I don't think that one implements this additional layer. The idea is good
but the complexity rises. Most people already have problems
implementing (HTTP | SMTP | ...) over TLS. An additional layer does not
make their lives easier. And even more, it does not solve the main
problem of traffic analysis. You always have the src and dst IP
address.

But please feel free to post a statement into the IETF-TLS
list. I'll follow the thread.

Regards Rene


--
-----------------------------------------------------------
Rene G. Eberhard
Mail  : [EMAIL PROTECTED] 





______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
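
A constructed Python model of the padding idea discussed in the message above, added here as an illustration and not code from the thread or from OpenSSL: every record is padded up to a fixed bucket, and zero-byte dummy records fill a fixed number of slots, so a passive observer sees the same record count and only coarse lengths. `BUCKET`, `SLOTS` and the sample pages are assumptions chosen for the example.

```python
# Added illustration (constructed model, not OpenSSL or TLS code).
# BUCKET and SLOTS are assumed parameters, not values from the thread.
BUCKET = 512   # every record is padded up to a multiple of this many bytes
SLOTS = 6      # every page load is sent as exactly this many records


def pad_len(n, bucket=BUCKET):
    """Wire length of an n-byte payload; a 0-byte payload still fills one bucket."""
    return max(1, -(-n // bucket)) * bucket


def on_the_wire(resources, padded):
    """Record lengths a passive observer sees for one page load."""
    if not padded:
        return list(resources)
    if len(resources) > SLOTS:
        raise ValueError("page has more resources than SLOTS; count would leak")
    wire = [pad_len(n) for n in resources]
    # Dummy records: zero-byte application data, padded like any other record.
    wire += [pad_len(0)] * (SLOTS - len(resources))
    return wire


def fingerprint(wire):
    """Order-independent view used to tell pages apart: (count, sorted lengths)."""
    return len(wire), tuple(sorted(wire))


def overhead(resources):
    """Extra bytes sent because of padding and dummy records."""
    return sum(on_the_wire(resources, True)) - sum(resources)


# Constructed sample pages: resource sizes in bytes.
PAGE_A = [310, 4200, 950]
PAGE_B = [480, 4300, 700, 120, 60]
PAGE_C = [480, 3900, 700, 120, 60]   # one resource falls in a lower bucket

if __name__ == "__main__":
    for name, page in (("A", PAGE_A), ("B", PAGE_B), ("C", PAGE_C)):
        print(name, fingerprint(on_the_wire(page, False)),
              fingerprint(on_the_wire(page, True)), overhead(page))
```

Pages A and B become indistinguishable by count and length, while page C still differs because one resource crosses a bucket boundary; the source and destination addresses stay visible in every case.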
