Dear Bas,

Thanks for sharing. I'm quite curious about this bit in particular:

On 11/7/24 10:06 PM, Bas Westerbaan wrote:
> On average, around 15 million TLS connections are established with
> Cloudflare per second. Upgrading each to ML-DSA, would take
> 1.8Tbps, which is 0.6% of our current total network capacity. No
> problem so far. The question is how these extra bytes affect
> performance.
>
> Back in 2021, we ran a large-scale experiment to measure the
> impact of big post-quantum certificate chains on connections to
> Cloudflare’s network over the open Internet. There were two
> important results. First, we saw a steep increase in the rate of
> client and middlebox failures when we added more than 10kB to
> existing certificate chains.

Would you be willing to share some numbers around the increase in
failures? What do you think might've been the cause for increased
failures at clients and middleboxes? One hypothesis I have is
TLS-related DPI might allocate a certain buffer to capture the
handshake, which was now being crossed.

Regards,
Raghu Saxena
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
