> On 15 Feb 2017, at 19:25, Martin Thomson <martin.thom...@gmail.com> wrote:
>
> On 16 February 2017 at 04:20, Yoav Nir <ynir.i...@gmail.com> wrote:
>> No, not really, but TLS is not just the web, and there are connections that
>> last for a long time and transfer large amounts of data. Think datacenter
>> synchronization. At packet-sized records 24 million records amounts to 36
>> GB. That is considerably larger than a 4 GB software update I downloaded
>> over HTTPS a few years ago, but not out of the ballpark.
>
> I realize that's going to require updates pretty often (once you open
> up the CWND), but I don't think that it is frequent enough to be a
> concern.
>
> I well know that HTTP gets used at these volumes more often than
> people realize. I'd rather recommend ChaCha for those niche uses
> though if the rate was sufficiently high.

And now I’ve lost you. A moment ago I thought you were concerned that people would fail to implement KeyUpdate. Are you now suggesting that it be removed entirely from TLS 1.3?

There’s no getting around the fact that AES-GCM is faster on certain processors than ChaCha, and speed is likely to be a major concern for exactly the same systems that use the high data volumes.

Yoav

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls