Re: Is round-trip time no longer a concern?
Eric Rescorla <ekr@networkresonance.com> Mon, 20 February 2006 15:15 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FBCl3-0004sW-VC; Mon, 20 Feb 2006 10:15:25 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FBCl2-0004sF-T5; Mon, 20 Feb 2006 10:15:24 -0500
Received: from raman.networkresonance.com ([198.144.196.3]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FBCl1-0001hi-Gk; Mon, 20 Feb 2006 10:15:24 -0500
Received: by raman.networkresonance.com (Postfix, from userid 1001) id 0E1C81E8C4C; Mon, 20 Feb 2006 07:15:23 -0800 (PST)
To: Dave Cridland <dave@cridland.net>
References: <20060219013238.779CC22241D@laser.networkresonance.com> <43F8FE0F.3060309@dcrocker.net> <24385.1140426803.565678@peirce.dave.cridland.net>
From: Eric Rescorla <ekr@networkresonance.com>
Date: Mon, 20 Feb 2006 07:15:23 -0800
In-Reply-To: <24385.1140426803.565678@peirce.dave.cridland.net> (Dave Cridland's message of "Mon, 20 Feb 2006 09:13:22 +0000")
Message-ID: <868xs6kqno.fsf@raman.networkresonance.com>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.18 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 4b800b1eab964a31702fa68f1ff0e955
Cc: IETF-Discussion <ietf@ietf.org>, Dave Crocker <dcrocker@bbiw.net>, iesg@ietf.org
Subject: Re: Is round-trip time no longer a concern?
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: EKR <ekr@networkresonance.com>
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Errors-To: ietf-bounces@ietf.org
Dave Cridland <dave@cridland.net> writes:

> On Sun Feb 19 23:23:59 2006, Dave Crocker wrote:
>> Folks,
>>
>> Eric said:
>> > 1. It is slower because it requires two handshakes.
>> > 2. The client may have to authenticate twice (this is a special
>> > case of (1)).
>> >
>> > The second case can be easily ameliorated by having the client send an
>> > extension (empty UME?) in the first handshake as a signal that it wants
>> > to do UMDL and that the server should hold off on demanding client
>> > authentication until the rehandshake happens.
>> >
>> > The performance issue is quite modest with modern servers. Indeed, it's
>> > quite common for web servers to do a first handshake without cert-based
>> > client auth and then rehandshake with client auth if the client asks for
>> > a sensitive page.
>>
>> This raised a flag with me. Within the Internet protocol context I
>> have always seen significant concern for reducing the number of
>> exchanges, because additional exchanges (hand-shakes) can -- and
>> often do -- have painful round-trip latencies. (Server capacity can
>> be a concern, of course, but not for this issue.)
>>
> Well, for those of us looking at Lemonade, etc, I think we're still
> very concerned about every round-trip. Server capacity, too, is a very
> real problem, and, while I admit to not having looked at this
> specification yet, given what I've read thus far, I'm assuming this
> has some applicability to email protocols as well as HTTP, which would
> affect Lemonade.

Well, I'm not claiming that latency isn't a factor in protocol
performance. What I'm claiming is that it's not clear that latency in
the initial connection setup handshake (in this case the TLS one) is a
major factor in protocol performance.

Recall that the way that TLS works is that you do an initial handshake
to establish the keys and then you send data over the negotiated
channel. What we're discussing is whether it's OK for this to take a
few extra round-trips at the setup of the first connection (and not
necessarily afterwards because of TLS session caching). So, we're not
talking about adding messages to every activity of the higher level
protocol.

So, what I'm arguing is that except for applications where initial
connection setup is a large fraction of the cost of the entire
connection, I think it's not worth optimizing the initial connection
setup very much. And until you've profiled the protocols in question
it's hard to know which case you're in.

>> Is it true that we no longer need to worry about regularly adding
>> extra round-trips to popular protocols that operate over the open
>> Internet?
>
> No.
>
> As far as I'm aware, there is no protocol in existence which somebody,
> somewhere, does not actively use over a mobile phone link, or a slow
> analogue modem, and this is especially true of TLS enabled protocols
> such as HTTP, email protocols, etc.

Well, I hear what you're saying, but when I check my mail over my cell
phone, it's pretty clear that the time isn't going to TLS connection
setup.

-Ekr

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
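The argument in the message above is a profiling question: how large a share of a connection's total time goes to the setup handshakes, and how much session caching reduces that share across repeated connections. The following Python model is an added example, not code from the thread or from any TLS implementation. It counts round trips for the TLS 1.0-1.2 message flows (TCP handshake 1 RTT, full TLS handshake 2 RTTs, abbreviated resumed handshake 1 RTT, a renegotiation for client-certificate auth 2 more RTTs); the link parameters, cache hit rate and the two traffic profiles (`ONE_PAGE_FETCH`, `MAIL_SESSION`) are constructed numbers chosen only to illustrate the two regimes Eric describes.

```python
"""Cost model for TLS connection-setup round trips versus the rest of a connection.

Added example, not code from the original thread. Round-trip counts follow the
TLS 1.0-1.2 message flows (TCP handshake 1 RTT, full TLS handshake 2 RTTs,
abbreviated resumed handshake 1 RTT, renegotiation 2 more RTTs); the RTT,
bandwidth, cache-hit and traffic-profile numbers are constructed assumptions.
"""
from dataclasses import dataclass

TCP_HANDSHAKE_RTTS = 1          # SYN / SYN-ACK before the ClientHello can go out
TLS_FULL_HANDSHAKE_RTTS = 2     # ClientHello ... Finished, then application data
TLS_RESUMED_HANDSHAKE_RTTS = 1  # abbreviated handshake served from the session cache
TLS_RENEGOTIATION_RTTS = 2      # second handshake, e.g. to demand a client certificate


@dataclass(frozen=True)
class Profile:
    """How a higher-level protocol uses one connection (constructed numbers)."""
    name: str
    app_round_trips: int   # request/response exchanges carried on the connection
    payload_bytes: int     # total application bytes moved on the connection


# Constructed profiles: a single small page fetch, and a long mail session.
ONE_PAGE_FETCH = Profile("one HTTPS page fetch", app_round_trips=1, payload_bytes=10_000)
MAIL_SESSION = Profile("IMAP session", app_round_trips=40, payload_bytes=200_000)


def setup_rtts(resumed: bool, client_auth_rehandshake: bool) -> int:
    """Round trips spent before the first byte of application data flows."""
    tls = TLS_RESUMED_HANDSHAKE_RTTS if resumed else TLS_FULL_HANDSHAKE_RTTS
    rtts = TCP_HANDSHAKE_RTTS + tls
    if client_auth_rehandshake and not resumed:
        # The first handshake ran without client auth; the server demands a
        # certificate in a renegotiation before answering the sensitive request.
        # A resumed session is assumed to inherit the authenticated state.
        rtts += TLS_RENEGOTIATION_RTTS
    return rtts


def connection_times(profile, rtt_s, bandwidth_bps, resumed=False, client_auth_rehandshake=False):
    """Return (setup_seconds, total_seconds) for one connection."""
    setup = setup_rtts(resumed, client_auth_rehandshake) * rtt_s
    app = profile.app_round_trips * rtt_s
    transfer = profile.payload_bytes * 8 / bandwidth_bps
    return setup, setup + app + transfer


def setup_fraction(profile, rtt_s, bandwidth_bps, resumed=False, client_auth_rehandshake=False):
    """Share of one connection's wall-clock time spent in connection setup."""
    setup, total = connection_times(profile, rtt_s, bandwidth_bps, resumed, client_auth_rehandshake)
    return setup / total


def session_setup_fraction(profile, rtt_s, bandwidth_bps, connections, cache_hit_rate,
                           client_auth_rehandshake=False):
    """Expected setup share over many connections to the same server.

    The first connection always pays the full handshake; each later one hits
    the session cache with probability cache_hit_rate and pays only the
    abbreviated handshake.
    """
    full_setup, full_total = connection_times(profile, rtt_s, bandwidth_bps, False, client_auth_rehandshake)
    res_setup, res_total = connection_times(profile, rtt_s, bandwidth_bps, True, client_auth_rehandshake)
    full_count = 1 + (connections - 1) * (1 - cache_hit_rate)
    resumed_count = (connections - 1) * cache_hit_rate
    setup = full_count * full_setup + resumed_count * res_setup
    total = full_count * full_total + resumed_count * res_total
    return setup / total


def report(rtt_s=0.25, bandwidth_bps=40_000):
    """Setup share for both constructed profiles on one link (default: modem-like)."""
    return {
        p.name: {
            "single handshake": setup_fraction(p, rtt_s, bandwidth_bps),
            "handshake + client-auth rehandshake": setup_fraction(
                p, rtt_s, bandwidth_bps, client_auth_rehandshake=True),
            "resumed": setup_fraction(p, rtt_s, bandwidth_bps, resumed=True),
        }
        for p in (ONE_PAGE_FETCH, MAIL_SESSION)
    }


if __name__ == "__main__":
    for name, rows in report().items():
        for case, frac in rows.items():
            print(f"{name:22s} {case:38s} {frac:6.1%} of connection time in setup")
```

On the constructed modem-like link (250 ms RTT, 40 kbit/s), the single page fetch spends a quarter of its time in setup and over a third once the client-auth rehandshake is added, while the forty-exchange mail session spends under three percent either way; across ten connections with a 90% session-cache hit rate the page-fetch share drops back toward the resumed-handshake figure. To apply the model to a real protocol, replace the two profiles with measured request counts and byte volumes and, for TLS 1.3 deployments, lower the handshake constants to that version's round-trip counts.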