---------- Forwarded message ---------- From: Kyle Hamilton <[EMAIL PROTECTED]> Date: May 16, 2005 10:36 PM Subject: Re: Reducing SSL overhead To: Gervase Markham <[EMAIL PROTECTED]>
If you can get the browsers to agree to use null ciphers, then theoretically you can do away with the bulk-cipher overhead. However, you will still have to deal with the hash-generation overhead (much smaller, if I remember correctly), as it still provides authentication of the data as coming from the same source. Also, you would have the overhead (at connection startup) of the public-key cryptography to verify the certificate. (If we had some way to allow connections to servers that don't have certificates [i.e., unauthenticated server mode, which many SSL server implementations don't support], then even that overhead would be reduced, and the only thing that would be negotiated is the key to the MAC.) Then again, NULL-NULL-NULL wouldn't exactly give any kind of SSL bonus, and would cause additional protocol overhead. Unless I'm wrong? Correct me, here, guys? -Kyle On 5/16/05, Gervase Markham <[EMAIL PROTECTED]> wrote: > Say I'm a website owner who wants to give my users the assurance that > (theoretically; let's not go there right now) comes with an SSL > connection, but don't want or need the overhead of encryption. > > Would it be possible (i.e. what would the side effects be) to enable the > null cyphers in our SSL implementation, assuming that we made it so that > using them didn't invoke the lock? > > Would that have much effect on server computational load, or is the > encryption and decryption not where most of the cycles go? > > Gerv > _______________________________________________ > mozilla-crypto mailing list > [email protected] > http://mail.mozilla.org/listinfo/mozilla-crypto > _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
