Re: [TLS] Thoughts on TLS 1.3 cryptography performance
Watson Ladd <watsonbladd@gmail.com> Thu, 13 March 2014 03:00 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 646001A0889 for <tls@ietfa.amsl.com>; Wed, 12 Mar 2014 20:00:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8cUn6cw38K5y for <tls@ietfa.amsl.com>; Wed, 12 Mar 2014 20:00:08 -0700 (PDT)
Received: from mail-yk0-x229.google.com (mail-yk0-x229.google.com [IPv6:2607:f8b0:4002:c07::229]) by ietfa.amsl.com (Postfix) with ESMTP id 02CBD1A088C for <tls@ietf.org>; Wed, 12 Mar 2014 20:00:06 -0700 (PDT)
Received: by mail-yk0-f169.google.com with SMTP id 142so1195940ykq.0 for <tls@ietf.org>; Wed, 12 Mar 2014 20:00:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Bnv2CFYnvtdwl66/j9BoFDajTQ1n9iKFDbxK8ZyPPJ0=; b=CVooMbhBJuUmGCGYShfgi+K0DI/xgOnJhxdcLM4aBDdFd5RmODGWJ0kv5w+RSG1mlG gejfK11U4KHdTdQQ4Nx/cbNcYbH3Vn8IRw14f8DkXl7KNcKE3Rzs9FwR+vxlGFt6OofG Y6FpWrrpzP23CEFbEXlMKvukZqFlsC+PcQQNaQnkLnYzxyqj8lQSKEaWZwhsuwCUkALP RMwwJEQDJrg/ko6ms5k7Dg7fdU+SEb2xT9tzz5fhECGe8ZWtnF1cbZfegMBVDElrWKhG 0c+MlxD2bLAI6w2Nkn0RVltVJ33sIZbfM7xbQwNuc1KKv2VDDb89/kBoBCoD66QX2Vra DUQA==
MIME-Version: 1.0
X-Received: by 10.236.123.38 with SMTP id u26mr1287882yhh.93.1394679600611; Wed, 12 Mar 2014 20:00:00 -0700 (PDT)
Received: by 10.170.80.214 with HTTP; Wed, 12 Mar 2014 20:00:00 -0700 (PDT)
In-Reply-To: <4262AC0DB9856847A2D00EF817E8113916F48E@scygexch10.cygnacom.com>
References: <CACsn0ckbrrt0rBsHM+5A_jNK6UvkaiO9mHx6=Jr+jjqy+bZ6MQ@mail.gmail.com> <4262AC0DB9856847A2D00EF817E8113916F48E@scygexch10.cygnacom.com>
Date: Wed, 12 Mar 2014 20:00:00 -0700
Message-ID: <CACsn0c=vzDVyK4Tc6y1R-vmgWAQm0Q8ziO4_mOn6U66cyn5p=Q@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Santosh Chokhani <SChokhani@cygnacom.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/lNG6pR_Dw2c-vwPxZl9vtS7IX-A
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Thoughts on TLS 1.3 cryptography performance
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Mar 2014 03:00:09 -0000
On Wed, Mar 12, 2014 at 7:27 PM, Santosh Chokhani <SChokhani@cygnacom.com> wrote: > Does your calculation include certification path verification and associated public key operations? Note that certification path verification will also entail revocation (CRL or OCSP certificate and OCSP response) verification. You raise a deeply interesting point: if you batch verify, calculation is cheaper. However, neither RSA nor ECDSA can be batch verified. Schnorr can, but was patented, and Schnorr wanted to get paid, which is why it isn't used in X509. Furthermore, the cost of signing is the real issue, and the entire path verification can be cached. Even if the client has to do a lot of verification of OCSP responses anyway, saving server CPU is worthwhile. Sincerely, Watson Ladd -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
- [TLS] Thoughts on TLS 1.3 cryptography performance Watson Ladd
- [TLS] Version negotiation (was: Thoughts on TLS 1… Michael D'Errico
- Re: [TLS] Version negotiation (was: Thoughts on T… Eric Rescorla
- Re: [TLS] Thoughts on TLS 1.3 cryptography perfor… Santosh Chokhani
- Re: [TLS] Thoughts on TLS 1.3 cryptography perfor… Watson Ladd
- Re: [TLS] Thoughts on TLS 1.3 cryptography perfor… Nico Williams
- Re: [TLS] Thoughts on TLS 1.3 cryptography perfor… Watson Ladd
- Re: [TLS] Thoughts on TLS 1.3 cryptography perfor… Nico Williams
- Re: [TLS] Thoughts on TLS 1.3 cryptography perfor… Trevor Perrin
- Re: [TLS] Thoughts on TLS 1.3 cryptography perfor… Nico Williams
- Re: [TLS] Thoughts on TLS 1.3 cryptography perfor… Eric Rescorla
- Re: [TLS] Thoughts on TLS 1.3 cryptography perfor… Nico Williams
- Re: [TLS] Thoughts on TLS 1.3 cryptography perfor… Trevor Perrin
- Re: [TLS] Thoughts on TLS 1.3 cryptography perfor… Watson Ladd
- Re: [TLS] Thoughts on TLS 1.3 cryptography perfor… Trevor Perrin
- Re: [TLS] Thoughts on TLS 1.3 cryptography perfor… Eric Rescorla