Imo, we have been measuring handshake time as an indication or performance, but time-to-last-byte or time-to-x%-byte should be used instead. There is nothing wrong with your study Thom. It is pretty detailed and useful. I just think that if these new algos get deployed, we would know if their impact would be noticeable by measuring different things that what we have been measuring so far. An 150KB (on average) web page over a lossy LTE connection will have pretty bad user experience regardless of adding 10-15KB of Dilithium certs or 1-2KB of Kyber keys/ciphertexts.
From: Pqc <pqc-boun...@ietf.org> On Behalf Of Thom Wiggers Sent: Tuesday, June 27, 2023 4:04 PM To: Bas Westerbaan <b...@cloudflare.com> Cc: Martin Thomson <m...@lowentropy.net>; SofĂa Celi <cheren...@riseup.net>; tls@ietf.org; p...@ietf.org Subject: RE: [EXTERNAL][Pqc] [TLS] Post-Quantum TLS instantiations and synthetic benchmarks CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe. Hi Bas, Op di 27 jun 2023 om 14:44 schreef Bas Westerbaan <b...@cloudflare.com<mailto:b...@cloudflare.com>>: Thanks for preparing the excerpt; this will be helpful for many use cases. (For the WebPKI, as you already mention, we also need to consider SCTs and realistically crappy networks.) "this is LTE in a city", and "this is what a poor-quality rural 3G link looks like". But alas, these don't seem to exist either. Unfortunately, it will not be as simple as plugging in a single packet loss number and then dropping that fraction of packets. Because TCP interpets packet loss as congestion, it grinds down to a halt much earlier than at a loss of 2%. Instead, lossy links such as WiFi and cellular have their own retransmission protocols hidden from TCP. Yeah, I'm all too familiar with wireless retransmission (a previous laptop had a bad wifi chip that would drop up to 1/3rd of the packets leading to massive latency spikes). Still, I hope that someone has a good idea on how to best represent these facets of real-world networking in some way that is useful for experiments :) Cheers, Thom
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
