On Mon, Mar 8, 2010 at 5:38 AM, Torsten Lodderstedt <[email protected] > wrote:
> ... >> 1. Connection latency to bootstrap the connection (from the >> asymmetric/public-key encryption operations) >> > > Bootstrapping a SSL sessions is expensive. But every session can be > used for multiple HTTPS-Connections. Thus an application can establish the > first > HTTPS connection in the background before any user interaction takes place > and > reuse the session for further communication. I think this point is worth calling out (and doing a bit of prototyping on) -- if the use case is a latency-sensitive client app that wishes to avoid cold-start HTTP(s) connections, then a warmup connect() or just an idempotent GET while the app is starting up / coming to the foreground could be a very good idea. Good even without SSL, due to DNS overhead, and even more useful with SSL. This could allow many apps to hide the latency hit from the user almost completely. If this is true, then it may mean that the SSL overhead would be a problem in far fewer cases than it might appear at first glance.
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
