
Re: The TLS hammer and resource integrity

From: Adrien W. de Croy <adrien@qbik.com>
Date: Wed, 28 Mar 2012 07:44:45 +0000
To: "Poul-Henning Kamp" <phk@phk.freebsd.dk>, "Amos Jeffries" <squid3@treenet.co.nz>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <embed54768-cbde-4e7c-9322-59810f612cce@boist>
One thing I haven't seen discussed is the latency introduced in setup
of TLS.

If you think the TCP 3-way handshake is bad, the TLS handshake adds at least
another 2 full RTTs.

This means my 300ms connection to a (non-geolocated) US site becomes a
1s one.

I would have thought that ALONE would have been a show-stopper.

------ Original Message ------
From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
To: "Amos Jeffries" <squid3@treenet.co.nz>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Sent: 28/03/2012 8:21:21 p.m.
Subject: Re: The TLS hammer and resource integrity
>In message <f46d469093a1a7d6a357d77a68217002@treenet.co.nz>, Amos Jeffries writes:
>>I completely agree that this needs to be addressed, but the transport
>>appears to be doing everything right so far.
>Everything, that is, except performance and choice.
>There is no way to get around that mandatory TLS is overkill in
>many high-volume applications, most notably p0rn.
>If you want to kill HTTP/1.1, you have to make HTTP/2.0 a good idea
>for the 50% of web traffic consisting of pink bits.
>Second, there are places where TLS is simply not a good idea, either
>because other security measures are in place, or because transparency
>is specifically called for (Think: Flight Recorder).
>Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
>phk@FreeBSD.ORG         | TCP/IP since RFC 956
>FreeBSD committer       | BSD since 4.3-tahoe
>Never attribute to malice what can adequately be explained by incompetence.
Received on Wednesday, 28 March 2012 07:45:18 UTC
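The round-trip arithmetic behind the message above, worked through as an added example (this is not code from the thread or from any of its participants). It models each handshake as the flights of messages each side sends and counts how many server flights the client must wait for before its HTTP request can leave. The two-RTT figure for TLS is correct for the full TLS 1.2 handshake that was current in 2012; the block also includes the abbreviated TLS 1.2 resumption and the later TLS 1.3 full and 0-RTT handshakes, which postdate the e-mail, to show how the cost changed. The 300 ms RTT is the figure quoted in the message; the host name in the optional live measurement is a placeholder and the measurement itself is skipped when there is no network.

```python
"""Round-trip cost of the TCP and TLS handshakes before the first byte of an
HTTP response can arrive.

Added example, not code from the mailing-list thread. Flight sequences follow
RFC 5246 (TLS 1.2) and RFC 8446 (TLS 1.3); the 300 ms RTT is the one quoted
in the e-mail.
"""
import socket
import ssl
import time

APP = "ApplicationData"

# Each handshake is a list of flights: (sender, [messages]). The flight that
# carries APP is the one in which the client's HTTP request finally leaves.
TCP_HANDSHAKE = [
    ("client", ["SYN"]),
    ("server", ["SYN-ACK"]),
    ("client", ["ACK", APP]),          # data may ride with the final ACK
]
TLS12_FULL = [
    ("client", ["ClientHello"]),
    ("server", ["ServerHello", "Certificate", "ServerKeyExchange", "ServerHelloDone"]),
    ("client", ["ClientKeyExchange", "ChangeCipherSpec", "Finished"]),
    ("server", ["ChangeCipherSpec", "Finished"]),
    ("client", [APP]),                 # must wait for the server's Finished
]
TLS12_RESUMED = [  # abbreviated handshake with a cached session ID or ticket
    ("client", ["ClientHello"]),
    ("server", ["ServerHello", "ChangeCipherSpec", "Finished"]),
    ("client", ["ChangeCipherSpec", "Finished", APP]),
]
TLS13_FULL = [
    ("client", ["ClientHello"]),       # carries the key share
    ("server", ["ServerHello", "EncryptedExtensions", "Certificate",
                "CertificateVerify", "Finished"]),
    ("client", ["Finished", APP]),
]
TLS13_0RTT = [  # resumption with early data: the request rides in flight one
    ("client", ["ClientHello", APP]),
    ("server", ["ServerHello", "EncryptedExtensions", "Finished"]),
    ("client", ["Finished"]),
]


def round_trips(flights):
    """Server flights the client must receive before it can send APP."""
    waited = 0
    for sender, messages in flights:
        if sender == "client" and APP in messages:
            return waited
        if sender == "server":
            waited += 1
    raise ValueError("handshake never reaches application data")


def time_to_first_byte_ms(rtt_ms, handshakes):
    """Idealised time until the first response byte: every handshake round
    trip plus one round trip for the request itself. Assumes the ClientHello
    rides in the same packet as the final TCP ACK and that no flight is large
    enough to be paced by the congestion window."""
    return (sum(round_trips(h) for h in handshakes) + 1) * rtt_ms


def measure_handshakes(host, port=443, timeout=5.0):
    """Wall-clock cost of a real TCP connect and TLS handshake to host:port.
    Needs network access; only used from the __main__ block below."""
    ctx = ssl.create_default_context()
    t0 = time.perf_counter()
    raw = socket.create_connection((host, port), timeout=timeout)
    t1 = time.perf_counter()
    tls = ctx.wrap_socket(raw, server_hostname=host, do_handshake_on_connect=False)
    tls.do_handshake()
    t2 = time.perf_counter()
    version = tls.version()
    tls.close()
    return {"tcp_ms": (t1 - t0) * 1000, "tls_ms": (t2 - t1) * 1000,
            "tls_version": version}


if __name__ == "__main__":
    rtt = 300.0  # figure quoted in the e-mail
    scenarios = [
        ("plain HTTP (TCP only)", [TCP_HANDSHAKE]),
        ("TLS 1.2 full handshake", [TCP_HANDSHAKE, TLS12_FULL]),
        ("TLS 1.2 resumed", [TCP_HANDSHAKE, TLS12_RESUMED]),
        ("TLS 1.3 full handshake", [TCP_HANDSHAKE, TLS13_FULL]),
        ("TLS 1.3 0-RTT resumption", [TCP_HANDSHAKE, TLS13_0RTT]),
    ]
    for name, hs in scenarios:
        print(f"{name:28s} {time_to_first_byte_ms(rtt, hs):6.0f} ms to first byte")
    try:
        print(measure_handshakes("www.example.com"))  # placeholder host
    except OSError as exc:
        print("live measurement skipped:", exc)
```

At 300 ms RTT the model gives 600 ms for plain HTTP and 1200 ms for HTTP over a full TLS 1.2 handshake, the extra two round trips the message describes; TLS 1.2 resumption and a full TLS 1.3 handshake each cost one extra round trip (900 ms), and TLS 1.3 0-RTT resumption is back to 600 ms. The live measurement reports TCP connect and TLS handshake time separately so the two can be compared on a real path rather than in the idealised model.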
