I agree the efficiency concerns are generally overstated, but this study should have measured QUIC etc, since the web pages will have all sorts of awful performance problems. But the thing you have to watch out for is when someone in the datacenter steps on the power cord or something (or DNS is wrong, etc). Then, you get a stampede of clients reconnecting, and there you really do care about how expensive the handshake is.
thanks, Rob On Thu, Mar 7, 2024 at 11:58 AM Deirdre Connolly <durumcrustu...@gmail.com> wrote: > "At the 2024 Workshop on Measurements, Attacks, and Defenses for the Web > (MADweb), we presented a paper¹ advocating time to last byte (TTLB) as a > metric for assessing the total impact of data-heavy, quantum-resistant > algorithms such as ML-KEM and ML-DSA on real-world TLS 1.3 connections. Our > paper shows that the new algorithms will have a much lower net effect on > connections that transfer sizable amounts of data than they do on the TLS > 1.3 handshake itself." > > > https://www.amazon.science/blog/delays-from-post-quantum-cryptography-may-not-be-so-bad > > ¹ > https://www.amazon.science/publications/the-impact-of-data-heavy-post-quantum-tls-1-3-on-the-time-to-last-byte-of-real-world-connections/ > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls