Re: The TLS hammer and resource integrity

On Wed, Mar 28, 2012 at 7:53 PM, Poul-Henning Kamp <phk@phk.freebsd.dk>wrote:

> In message <CABaLYCvguj3oycrv7uGKnMK_3fUYBU02JA=eH_W_F-w=
> fH7Rqg@mail.gmail.com>
> , Mike Belshe writes:
>
> >Thats the whole point of SPDY - we just handed you a protocol which embeds
> >SSL but is still has lower latency than HTTP.
>
> And I want a protocol with even lower latency, by taking some of the
> good things about SPDY, and leaving behind the bad.
>

Without SSL we'd not have a workable deployment today at all.


>
> >These are cheap and getting cheaper every day.
>
> "cheap is not the same as free".
>
> It's not cheap if you have to sustain a slashdotting or redditing on SSL.
>

I'm not sure that SPDY with its one SSL today is more expensive than
today's HTTP with its 6 to 40-something connections per page.


>
> >The higher the RTT, the bigger the win for SPDY.  So this claim is just
> >false.
>
> Really ?
>
> You found a way to negotiate TLS without any RTT cost ?
>

Actually, yes, however, snap-start was decided to be too complex to do for
the larger internet and so we dropped it.
I have every hope that we'll come up with something equivalent but better
in the future, though.

In any case, you're overlooking some data. Google's search deployment, for
instance, had users getting faster when we switched from HTTP to SPDY.

Poul-- what are you intending to optimize here? Are we optimizing for the
sum of the next ~15 years or for just tomorrow?

-=R


> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
>
>

Received on Wednesday, 28 March 2012 18:06:27 UTC