Re: [TLS] Thoughts on TLS 1.3 cryptography performance

Watson Ladd <watsonbladd@gmail.com> Thu, 13 March 2014 03:00 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 646001A0889 for <tls@ietfa.amsl.com>; Wed, 12 Mar 2014 20:00:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8cUn6cw38K5y for <tls@ietfa.amsl.com>; Wed, 12 Mar 2014 20:00:08 -0700 (PDT)
Received: from mail-yk0-x229.google.com (mail-yk0-x229.google.com [IPv6:2607:f8b0:4002:c07::229]) by ietfa.amsl.com (Postfix) with ESMTP id 02CBD1A088C for <tls@ietf.org>; Wed, 12 Mar 2014 20:00:06 -0700 (PDT)
Received: by mail-yk0-f169.google.com with SMTP id 142so1195940ykq.0 for <tls@ietf.org>; Wed, 12 Mar 2014 20:00:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Bnv2CFYnvtdwl66/j9BoFDajTQ1n9iKFDbxK8ZyPPJ0=; b=CVooMbhBJuUmGCGYShfgi+K0DI/xgOnJhxdcLM4aBDdFd5RmODGWJ0kv5w+RSG1mlG gejfK11U4KHdTdQQ4Nx/cbNcYbH3Vn8IRw14f8DkXl7KNcKE3Rzs9FwR+vxlGFt6OofG Y6FpWrrpzP23CEFbEXlMKvukZqFlsC+PcQQNaQnkLnYzxyqj8lQSKEaWZwhsuwCUkALP RMwwJEQDJrg/ko6ms5k7Dg7fdU+SEb2xT9tzz5fhECGe8ZWtnF1cbZfegMBVDElrWKhG 0c+MlxD2bLAI6w2Nkn0RVltVJ33sIZbfM7xbQwNuc1KKv2VDDb89/kBoBCoD66QX2Vra DUQA==
MIME-Version: 1.0
X-Received: by 10.236.123.38 with SMTP id u26mr1287882yhh.93.1394679600611; Wed, 12 Mar 2014 20:00:00 -0700 (PDT)
Received: by 10.170.80.214 with HTTP; Wed, 12 Mar 2014 20:00:00 -0700 (PDT)
In-Reply-To: <4262AC0DB9856847A2D00EF817E8113916F48E@scygexch10.cygnacom.com>
References: <CACsn0ckbrrt0rBsHM+5A_jNK6UvkaiO9mHx6=Jr+jjqy+bZ6MQ@mail.gmail.com> <4262AC0DB9856847A2D00EF817E8113916F48E@scygexch10.cygnacom.com>
Date: Wed, 12 Mar 2014 20:00:00 -0700
Message-ID: <CACsn0c=vzDVyK4Tc6y1R-vmgWAQm0Q8ziO4_mOn6U66cyn5p=Q@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Santosh Chokhani <SChokhani@cygnacom.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/lNG6pR_Dw2c-vwPxZl9vtS7IX-A
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Thoughts on TLS 1.3 cryptography performance
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Mar 2014 03:00:09 -0000

On Wed, Mar 12, 2014 at 7:27 PM, Santosh Chokhani
<SChokhani@cygnacom.com> wrote:
> Does your calculation include certification path verification and associated public key operations?  Note that certification path verification will also entail revocation (CRL or OCSP certificate and OCSP response) verification.

You raise a deeply interesting point: if you batch verify, calculation
is cheaper. However, neither RSA nor ECDSA can be batch verified.
Schnorr can, but was patented, and Schnorr wanted to get paid, which
is why it isn't used in X509. Furthermore, the cost of signing is the
real issue, and the entire path verification can be cached.

Even if the client has to do a lot of verification of OCSP responses
anyway, saving server CPU is worthwhile.

Sincerely,
Watson Ladd

-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin