W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2021

Re: Port 80 deprecation

From: Ilari Liusvaara <ilariliusvaara@welho.com>
Date: Sat, 5 Jun 2021 11:05:15 +0300
To: Toerless Eckert <tte@cs.fau.de>
Cc: ietf-http-wg@w3.org
Message-ID: <YLswO6umk+WCOXd7@LK-Perkele-VII2.locald>
On Thu, Jun 03, 2021 at 01:43:24PM +0200, Toerless Eckert wrote:
> Which RFC that is updating RFC8446 is providing null crypto ?

From IANA registry (despite not having "NULL" in name, these are NULL
ciphersuites):

    0xC0,0xB4   TLS_SHA256_SHA256  Y N   [draft-camwinget-tls-ts13-macciphersuites]
    0xC0,0xB5   TLS_SHA384_SHA384  Y N   [draft-camwinget-tls-ts13-macciphersuites]

The "Y N" there means: OK for DTLS, Not recommended.

However, these might not deliver the best throughput. If platform has
SIMD but no hardware SHA-2 acceleration, Chacha20-Poly1305 likely
delivers better throughput. If platform has hardware AES-GCM
acceleration, AES-GCM is likely higher throughput regardless of if
there is hardware SHA-2 acceleration or not (E.g., AMD Zen2 has both,
and AES-GCM is a lot faster).

And then record protection throughput might not be the biggest problem.
Having to do handshake and deal with possible peer authentication might
cause much more problems at application level, and NULL ciphers do
nothing for these issues.


-Ilari
Received on Saturday, 5 June 2021 08:05:54 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 5 June 2021 08:06:43 UTC