On Mon, 16 Sep 2013, Stephen Farrell wrote:

> Interesting idea. I note you say that this might add 5-30 seconds
> to the access time for a given site and more for a web page with
> more than one TLS server cert needed.
> Is that something that could get quicker to the level where it'd
> be acceptable do you think?

Tor is slow, there is not much you can do about speeding that up.

> I suspect those kinds of latency would be a killer for browsers or
> other applications using TLS.

You could cache known results?

For TLSA, I've worked on making things faster with a draft (soon two
separate drafts) that allow you to ask chunks of DNS(SEC) with 1 TCP
query. That should speed up TLSA validation on the endnode, even if it
is using DNSSEC itself for validation of TLSA records.
(and also, doing edns-tcp-query-chain allows one to get all the DNSSEC
info using one Tor circuit/connection)
Paul
_______________________________________________
therightkey mailing list
https://www.ietf.org/mailman/listinfo/therightkey