Folks,

Eric said:

> 1. It is slower because it requires two handshakes.
> 2. The client may have to authenticate twice (this is a special case of (1)).
>
> The second case can be easily ameliorated by having the client send an extension (empty UME?) in the first handshake as a signal that it wants to do UMDL and that the server should hold off on demanding client authentication until the rehandshake happens.
>
> The performance issue is quite modest with modern servers. Indeed, it's quite common for web servers to do a first handshake without cert-based client auth and then rehandshake with client auth if the client asks for a sensitive page.
This raised a flag with me. Within the Internet protocol context I have always seen significant concern for reducing the number of exchanges, because additional exchanges (hand-shakes) can -- and often do -- have painful round-trip latencies. (Server capacity can be a concern, of course, but not for this issue.)
For all of the massive improvements in the Internet's infrastructure, my impression is that round-trip delays can still be problematic.
To this end, the high chatter rate of http seems less a basis for encouraging other protocols to chatter more, than a case of remarkable good luck... unless you happen to be on a path that has high latencies frequently, or experience too many of these extra handshakes.
Is it true that we no longer need to worry about regularly adding extra round-trips to popular protocols that operate over the open Internet?
d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
