Re: Why are secure web pages are so !@#$%^&*()_ slow

EKR (ekr@rtfm.com)
19 Jan 1999 07:38:54 -0800

• Next message: Jukka E Isosaari: "Re: Mailinglist programs with PGP-encryption?"
• Previous message: Bill Frantz: "Re: Why are secure web pages are so !@#$%^&*()_ slow"
• In reply to: Ben Laurie: "Re: Why are secure web pages are so !@#$%^&*()_ slow"

Bill Frantz <frantz@netcom.com> writes:
> If the problem is that it is slow to connect once a week when you log on to
> pay your bills, I don't think session caching with session IDs will help.
> What might help, particularly if you are verifying certificates on a
> relativity slow personal machine is what SPKI calls a certificate result
> certificate (CRC).
>
> A CRC is generated to collapse a chain of certificates. In the case of a
> browser, it could bypass many public key operations if it just saved the
> server's public key and the closest of the expiration dates in the
> certificate chain it used to verify the key. The only public key
> operations needed then would be those used to establish the session key.
I'd call this a validation cache, and I know that at least
one product (SPYRUS/Terisa) supports this (since I put it in
there.)

However, I doubt that this is a significant performance cost of
SSL. Remember that RSA public key verifcation are very fast and that
most SSL server cert chains are only a cert or two long.

-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]

• Next message: Jukka E Isosaari: "Re: Mailinglist programs with PGP-encryption?"
• Previous message: Bill Frantz: "Re: Why are secure web pages are so !@#$%^&*()_ slow"
• In reply to: Ben Laurie: "Re: Why are secure web pages are so !@#$%^&*()_ slow"