On 2013-10-11 15:48, ianG wrote:
Right now we've got a TCP startup, and a TLS startup. It's pretty messy. Adding another startup inside isn't likely to gain popularity.

The problem is that layering creates round trips, and as cpus get ever faster, and pipes ever fatter, round trips become a bigger an bigger problem. Legend has it that each additional round trip decreases usage of your web site by twenty percent, though I am unaware of any evidence on this.

(Which was one thing that suggests a redesign of TLS -- to integrate back into IP layer and replace/augment TCP directly. Back in those days we -- they -- didn't know enough to do an integrated security protocol. But these days we do, I'd suggest, or we know enough to give it a try.)

TCP provides eight bits of protocol negotiation, which results in multiple layers of protocol negotiation on top.

Ideally, we should extend the protocol negotiation and do crypto negotiation at the same time.

But, I would like to see some research on how evil round trips really are.

I notice that bank web pages take an unholy long time to come up, probably because one secure we page loads another, and that then loads a script, etc.

The cryptography mailing list

Reply via email to