undefined | Better HN

0 pointsPeterisP7y ago0 comments

Over 2400 baud? Yes, I probably would suggest dropping SSL and instead transmit pre-encrypted data over a very plain, very simple connection to avoid the overhead of SSL handshake (something like 5kb for current keysizes?) and its latency.

GPG-encrypted email over plain POP would work; and you can have automatic "remailers" on both sides of the link that handle the encryption/decryption once the communications are done over a "normal" connection.

0 comments

tialaramex7y ago

You pay full handshake setup only if you don't have a shared key. If reducing bandwidth is the priority you would always set up a key on first connection and use the maximum allowable expiry time (10 days?) so long as you reconnect this often you never do another full handshake since you have a key (and you're allowed to get a new key with the old one, resetting the expiry timestamp each time).

With this slimming approach you also wouldn't use these grotesque "... and here's a portrait of my dog" type certificates we sometimes see, that may be several kilobytes in size, nor use the lengthy RSA keys. You'd do the minimum possible certificate for a single name and an EC key.

So it'll probably cost ~1kB on first connection and then only a few hundred bytes on subsequent connections, without any special components, this all just works with generic software you already have if configured appropriately.

You can shave a little more off if you agree to custom configure everything since the proof-by-certificate isn't mandatory in TLS per se, you can do everything with shared keys if you agree out of band what those keys are. This is intended for IoT-type applications.

wolf550e7y ago

1-RTT TLS 1.3 handshake with small ECC keys and certificate chain optimized for size, and TLS shouldn't be a problem to sync mail over slow connection.

51lver7y ago

Simple and reliable pgp encryption will outlast tls 1.3, and rural users (quite reasonably) expect more life from their devices than city folks. No one is going to download and update with a 200MB image at 2400bps afterall.

wolf550e7y ago

pgp email is basically deprecated by the security community. Security people do not use and do not recommend pgp email. TLS is used by everything, and a version of it will be used for a long time, for example everything that will use IETF QUIC or HTTP3+ on top of IETF QUIC.

gsich7y ago

TLS is transport layer encryption. PGP is mail content encryption. TLS can't replace PGP, as it deals with encryption on another layer.

While you might feel that it's deprecated (says who?) it's certainly in use, even by those "security people".

j / k navigate · click thread line to collapse

0 comments

tialaramex7y ago

wolf550e7y ago

1-RTT TLS 1.3 handshake with small ECC keys and certificate chain optimized for size, and TLS shouldn't be a problem to sync mail over slow connection.

51lver7y ago

wolf550e7y ago

gsich7y ago

TLS is transport layer encryption. PGP is mail content encryption. TLS can't replace PGP, as it deals with encryption on another layer.

While you might feel that it's deprecated (says who?) it's certainly in use, even by those "security people".

j / k navigate · click thread line to collapse