On Aug 25, 2010, at 9:04 20AM, Richard Salz wrote:
>> Also, note that HSTS is presently specific to HTTP. One could imagine
>> expressing a more generic "STS" policy for an entire site
>
> A really knowledgeable net-head told me the other day that the problem
> with SSL/TLS is that it has too many round-trips. In fact, the RTT costs
> are now more prohibitive than the crypto costs. I was quite surprised to
> hear this; he was stunned to find it out.
This statement is quite correct. I know of at least one major player that was
very reluctant to use SSL because of this issue; the round trips, especially on
intercontinental connections, led to considerable latency, which in turn hurt
the perceived responsiveness of their service.
We need to do something about the speed of light. Is anyone working on
hyperwave or subether technologies?
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
