postfix-devel


Re: Caching TLS connections (XSTOPTLS) Wietse Venema Thu Jun 25 12:00:24 2009

Victor Duchovni:
> On Thu, Jun 25, 2009 at 12:00:31PM -0400, Wietse Venema wrote:
> 
> > > I'd like to propose a Postfix-specific ESMTP feature that would
> > > enable the caching of TLS connections by disabling crypto on
> > > the session before putting it into the cache, and re-enabling
> > > crypto right after.
> > 
> > So, the use case is that a connection was used by process X, and
> > reused by a different process Y.
> 
> Yes.
> 
> > Can you quantify the gains, in terms of long-distance network
> > roundtrips? Assuming that the DNS lookup is cached on-site, the
> > gain would be the TCP-level handshake.  What else?
> 
> Connection caching is not about saving round-trips, it is about
> overcoming adverse (orders of magnitude higher) latency when
> k of N MX hosts are down and non-responsive (30s timeout vs.
> sub-second TCP 3-way handshake latency when the host is up).
> 
> Caching connections allows one to avoid new connection creation, which
> involves unpredictable latency. The alternative could be a negative
> cache for dead MX hosts with a life-time comparable to the connection
> re-use time (300s).

An alternative is for the scache daemon to have an option to retain
"these hosts are good" meta-data for a couple seconds. With this,
the discovery problem is sidestepped, and non-TLS connections may
benefit, too.

        Wietse
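To make the latency argument in this exchange concrete, here is a small simulation of the two ideas being compared: a negative cache that remembers dead MX hosts for roughly the connection re-use time (Victor's alternative) and a short-lived "these hosts are good" cache (Wietse's suggestion). This is an added example, not Postfix's scache daemon or any code from the thread; the host names, the `host_is_up` stand-in for the network, and the latency constants are constructed, with the 30s timeout, sub-second handshake, 300s re-use time and "a couple seconds" taken from the messages above.

```python
"""Simulated MX host selection with a negative cache for dead hosts and a
short-lived positive cache for hosts known to be up.  Added example, not
Postfix code; host names, timings and the connect stand-in are constructed."""
from dataclasses import dataclass, field

# Constructed latency model from the thread: a dead host costs a full
# connect timeout, a live host costs a sub-second TCP 3-way handshake.
CONNECT_TIMEOUT = 30.0
HANDSHAKE_LATENCY = 0.2

# Assumed time-to-live values: the negative cache lives about as long as the
# 300s connection re-use time, the positive cache only a couple of seconds.
DEAD_TTL = 300.0
GOOD_TTL = 2.0


@dataclass
class HostStateCache:
    """Remembers which MX hosts were recently dead (negative cache) or
    recently good (positive cache).  Entries hold an absolute expiry time."""
    dead_until: dict = field(default_factory=dict)
    good_until: dict = field(default_factory=dict)

    def mark_dead(self, host, now):
        self.dead_until[host] = now + DEAD_TTL
        self.good_until.pop(host, None)

    def mark_good(self, host, now):
        self.good_until[host] = now + GOOD_TTL
        self.dead_until.pop(host, None)

    def is_dead(self, host, now):
        return self.dead_until.get(host, 0.0) > now

    def is_good(self, host, now):
        return self.good_until.get(host, 0.0) > now

    def order_candidates(self, mx_hosts, now):
        """Keep MX preference order, but try recently-good hosts first and
        skip hosts still in the negative cache (sorted() is stable)."""
        live = [h for h in mx_hosts if not self.is_dead(h, now)]
        return sorted(live, key=lambda h: 0 if self.is_good(h, now) else 1)


def deliver(cache, mx_hosts, host_is_up, now):
    """Try candidates in order until one connects.  Returns (host_used,
    simulated_latency_seconds); host_used is None when every candidate
    failed.  host_is_up is a constructed stand-in for the real network."""
    latency = 0.0
    for host in cache.order_candidates(mx_hosts, now):
        if host_is_up.get(host, False):
            latency += HANDSHAKE_LATENCY
            cache.mark_good(host, now + latency)
            return host, latency
        latency += CONNECT_TIMEOUT          # timed out: remember it as dead
        cache.mark_dead(host, now + latency)
    return None, latency


def simulate():
    """Two deliveries to the same domain 10s apart with the primary MX down.
    The first pays the timeout; the second benefits from both caches."""
    mx_hosts = ["mx1.example.test", "mx2.example.test"]   # constructed names
    host_is_up = {"mx1.example.test": False, "mx2.example.test": True}
    cache = HostStateCache()
    first = deliver(cache, mx_hosts, host_is_up, now=0.0)
    second = deliver(cache, mx_hosts, host_is_up, now=10.0)
    return first, second


if __name__ == "__main__":
    for host, latency in simulate():
        print(f"delivered via {host} after {latency:.1f}s of connect latency")
```

The second delivery skips the dead primary entirely because of the negative cache, and the positive cache has no extra effect here beyond ordering; where it matters is when a process has no cached connection of its own but another process has just verified the host, which is the cross-process discovery problem the reply refers to.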