On Fri, Feb 01, 2008 at 01:15:09PM +1300, Peter Gutmann wrote:

> Victor Duchovni <[EMAIL PROTECTED]> writes:
> >Jumping in late, but the idea that *TCP* (and not TLS protocol design) adds
> >round-trips to SSL warrants some evidence (it is very temping to express this
> >skepticism more bluntly).
> If anyone's interested, I did an analysis of this sort of thing in an
> unpublished draft "Performance Characteristics of Application-level Security
> Protocols", http://www.cs.auckland.ac.nz/~pgut001/pubs/app_sec.pdf.  It
> compares (among other things) the cost in RTT of several variations of SSL and
> SSH.  It's not the TCP RTTs that hurt, it's all the handshaking that takes
> place during the crypto connect.  SSH is particularly bad in this regard.

Thanks, an excellent reference! Section 6.2 is most enlightening, we were
already considering adopting HPN fixes in the internal OpenSSH deployment,
this provides solid material to motivate the work...


 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to