Abstract
Establishing secure connections fast to end-users is crucial to online services. However, when a client sets up a TLS session with a server, the TLS handshake needs one round trip time (RTT) to negotiate a session key. Additionally, establishing a TLS session also requires a DNS lookup (e.g., the A record lookup to fetch the IP address of the server) and a TCP handshake. In this paper, we propose ZTLS to eliminate the 1-RTT latency for the TLS handshake by leveraging the DNS. In ZTLS, a server distributes TLS handshake-related data (i.e., Diffie-Hellman elements), dubbed Z-data, as DNS records. A ZTLS client can fetch Z-data by DNS lookups and derive a session key. With the session key, the client can send encrypted data along with its ClientHello, achieving 0-RTT. ZTLS supports incremental deployability on the current TLS-based infrastructure. Our prototype-based experiments show that ZTLS is 1-RTT faster than TLS in terms of the first response time.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
