On 2010-08-25 11:04 PM, Richard Salz wrote:
Also, note that HSTS is presently specific to HTTP. One could imagine
expressing a more generic "STS" policy for an entire site

A really knowledgeable net-head told me the other day that the problem
with SSL/TLS is that it has too many round-trips.  In fact, the RTT costs
are now more prohibitive than the crypto costs.  I was quite surprised to
hear this; he was stunned to find it out.


This is inherent in the layering approach - inherent in our current crypto architecture.

To avoid inordinate round trips, crypto has to be compiled into the application, has to be a source code library and application level protocol, rather than layers.

Every time you layer one communication protocol on top of another, you get another round trip.

When you layer an application protocol on SSL on TCP on IP, you get round trips to set up TCP, and *then* round trips to set up SSL, *then* round trips to set up the application protocol.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
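
An added illustration of the round-trip argument in the message above; it is not part of the original post. The flight layouts are assumptions: a TCP three-way handshake, a full TLS 1.2-style handshake, and a single request/response application exchange. INTEGRATED is a hypothetical single-exchange protocol, not a real design.

```python
# Added example: count round trips when handshakes are stacked in layers.
# A layer is a list of flights; a flight is (sender, label), sender "C" or "S".
# All flight layouts below are assumptions made for this illustration.
TCP = [("C", "SYN"), ("S", "SYN-ACK"), ("C", "ACK")]
TLS = [("C", "ClientHello"),
       ("S", "ServerHello..ServerHelloDone"),
       ("C", "ClientKeyExchange, ChangeCipherSpec, Finished"),
       ("S", "ChangeCipherSpec, Finished")]
APP = [("C", "request"), ("S", "response")]
# Hypothetical: setup, key exchange and request carried in one exchange.
INTEGRATED = [("C", "setup + key share + request"),
              ("S", "key share + response")]


def coalesce(layers):
    """Merge consecutive flights from the same sender into one one-way trip.

    A layer boundary costs nothing extra only when the last flight of the
    lower layer and the first flight of the upper layer share a sender.
    """
    trips = []
    for layer in layers:
        for sender, label in layer:
            if trips and trips[-1][0] == sender:
                trips[-1][1].append(label)
            else:
                trips.append((sender, [label]))
    return trips


def round_trips(layers):
    """Round trips until the client holds the final server flight."""
    trips = coalesce(layers)
    if not trips or trips[0][0] != "C" or trips[-1][0] != "S":
        raise ValueError("expected client-initiated exchange ending at server")
    return len(trips) // 2  # trips alternate C, S, C, S, ...


def time_to_response_ms(layers, rtt_ms):
    """Network wait before the first response byte, ignoring CPU time."""
    return round_trips(layers) * rtt_ms


if __name__ == "__main__":
    stacks = [("tcp + app", [TCP, APP]), ("tcp + tls + app", [TCP, TLS, APP]),
              ("integrated (hypothetical)", [INTEGRATED])]
    for name, layers in stacks:
        print(f"{name:28} {round_trips(layers)} RTT, "
              f"{time_to_response_ms(layers, 100)} ms at 100 ms RTT")
```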
