On Mon, Jun 3, 2024 at 3:24 PM Salz, Rich <rsalz=40akamai....@dmarc.ietf.org> wrote:
> Thank you for collecting and sharing these numbers! I think this here is
> the most interesting bit in terms of curve popularity, since any difference
> in CPU time is ultimately marginal compared to the cost of a HRR.
>
> I’m not so sure. This is really CDN to origin, or server-to-server
> traffic. You’d expect latency to not be as important as client to server,
> but more importantly that persistent connections and resumption would
> amortize the cost hugely.

We do care about it. We're scanning origins so that we can send a supported keyshare immediately and avoid HRR (not rolled out yet). That's not just for performance, but also to deal with origins that don't support HRR.

I also don't think this data supports the conclusion that P-256 will have fewer HRRs. As you mention, the population is quite skewed: only origins that configured Cloudflare in front. More importantly, there are servers that will HRR to X25519 if presented a P-256 keyshare. (E.g. BoringSSL's default behaviour.) Unfortunately I don't have data at hand on how often that happens.

Best,

Bas
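As an added illustration (not code from this thread, nor from BoringSSL or Cloudflare), a small Python model of the RFC 8446 key_share negotiation the reply describes: a server that honours its own group order answers a P-256-only key_share with a HelloRetryRequest, and an origin scan lets the client send the right share up front. All group preference lists are constructed.

```python
# Added example (not code from the thread): a small model of TLS 1.3 key_share
# negotiation per RFC 8446. Group preference lists below are constructed.
from typing import Dict, List, Optional, Tuple

X25519, P256, P384 = "x25519", "secp256r1", "secp384r1"

def server_select(server_prefs: List[str], supported_groups: List[str],
                  key_shares: List[str]) -> Tuple[Optional[str], bool]:
    """Return (chosen_group, hrr_needed) for a server that honours its own
    preference order. It picks its most preferred group the client lists in
    supported_groups; if the client sent no key_share for that group, the
    server must answer with a HelloRetryRequest (one extra round trip)."""
    for g in server_prefs:
        if g in supported_groups:
            return g, g not in key_shares
    return None, False  # no mutual group: the handshake fails outright

def scan_origin(server_prefs: List[str], probe_groups: List[str]) -> Optional[str]:
    """Model of the origin scan: offer every probe group and learn, from the
    ServerHello or HRR, which group this origin actually selects."""
    chosen, _hrr = server_select(server_prefs, probe_groups, [probe_groups[0]])
    return chosen

def choose_key_shares(client_prefs: List[str], scanned: Optional[str]) -> List[str]:
    """Send a key_share for the group the scan says the origin will pick;
    without scan data fall back to the client's own first preference."""
    if scanned in client_prefs:
        return [scanned]
    return [client_prefs[0]]

def handshake(client_prefs: List[str], key_shares: List[str],
              server_prefs: List[str]) -> Dict[str, object]:
    """Run one negotiation and report the group, whether HRR happened,
    and how many round trips the key exchange cost."""
    chosen, hrr = server_select(server_prefs, client_prefs, key_shares)
    return {"group": chosen, "hrr": hrr, "round_trips": 2 if hrr else 1}

if __name__ == "__main__":
    boringssl_like = [X25519, P256, P384]   # constructed: prefers X25519
    client = [P256, X25519, P384]           # constructed: client leads with P-256
    print(handshake(client, [P256], boringssl_like))   # P-256 share -> HRR to X25519
    learned = scan_origin(boringssl_like, client)
    print(handshake(client, choose_key_shares(client, learned), boringssl_like))
```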
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org