by ramshanker 3186 days ago
We are doing all these session ticket gymnastics to reduce the round trip. Mostly considering web applications. In the case of a native mobile application, we could just add a splash screen/quick 2 sec animation hiding the worst case 3x200ms round trip latency overhead. So at the start of the app we simply create a fresh perfectly secured TLS connection.

It appears a better choice from a security standpoint; the UI can always be cleverly tricked into being smooth.

2 comments

In case of 2.5G connections (I still get 2.5G on a regular basis, e.g. in some specific train stations on my way to work in the morning) it can easily be 800ms per RTT - so 2.4 seconds before you have a chance to request any content.

And no, you cannot really ignore this if you are interested in fostering TLS' adoption in the real world. Every tenth of a second causes a measurable loss in user interest, and in many organizations this metric will drive the decision. We cannot legislate from our ivory tower and expect the world to follow against their (perceived) best interest.

It's not just reducing RTT latency; it's also reducing the number of bignum crypto operations the server needs to perform, which carry a significant computational cost.