"James A. Donald" <[EMAIL PROTECTED]> writes:
> James A. Donald:
>>> SSL is layered on top of TCP, and then one layers
>>> one's actual protocol on top of SSL, with the result
>>> that a transaction involves a painfully large number
>>> of round trips.
> Richard Salz wrote:
>> Perhaps theoretically painful, but in practice this is
>> not the case; commerce on the web is the
>> counter-example.
> The delay is often humanly perceptible.  If humanly
> perceptible, too much.

The initial delay in connecting is usually DNS related, not SSL
related, and is often experienced even in ordinary http: web
surfing. I don't think that the delays involved in the SSL handshake
are particularly perceptible amidst the other delays involved in
connection setup, unless you're on a very high delay network like one
of the older cellular data systems that are now going away
anyway. Protocol hacks also make subsequent connections to the same
server quite fast.

In any case, although SSL has some compromises in the design, it is
pretty good overall, and I can't see a good reason why one would pick
something else in almost any ordinary situation. A real expert might
find corner cases where it is not suitable, but there are very few
experts out there, though lots of people who incorrectly think they
are. I've seen idiots produce many things that were slower and had
horrible security properties, all the while costing far more in
software development, because they thought they knew better -- I've
never seen anyone actually do better, though. For practical purposes,
the rule is "don't use something else", and "if you think you're smart
enough to do better, you almost certainly aren't".

(No, I'm not a fan of X.509 certs, but those are not core to the
protocol, and you can think of them as nothing more than a fancy key
container format if you like. Key management is not addressed by SSL,
so there is no reason that fixing key management has anything to do
with SSL per se.)

I'm sure you're going to disagree with me, James, but I won't be
responding -- I don't think you're right, but I also see no reason to
beat a dead horse. My opinion (and just about everyone else's) is well
known. We live in a world where you are free to have a dissenting view.

Perry E. Metzger                [EMAIL PROTECTED]

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to