
Re: WG Review: Open Pluggable Edge Services (opes)

2001-06-19 17:40:02
Reducing the cost of TLS is actually a very achievable goal. The
components of that cost are key negotiation and encryption. Encryption
using RC4 is generally considered adequate and cheap; it certainly
achieves the objective of thwarting putative value-adding proxies. If
keys could be negotiated easily, then we would have come a long way
towards generalizing the use of encryption.

Let's head off this misinformation sooner rather than later.

Encryption algorithms in general, and stream ciphers like rc4 in
particular, do not provide *any* protection against modification; rc4
is merely a fast way to turn a secret key into a pseudo-random
bitstream which can then be xor'ed with the message to obscure its
content.

This makes it hard for a modifier to know what was changed or what it
was changed to, but an attacker can still toggle bits at known offsets
within the message, which may be sufficient to cause a predictable
change to the message as seen by the recipient.

Fortunately, TLS typically combines a cipher (such as RC4 or 3DES)
with a message authentication code (like HMAC-MD5) which *does* detect
modifications.  If the issue is only protection against an uninvited
mangler-in-the-middle, you could do TLS with the null cipher and pay
only the cost of the HMAC computation.

                                        - Bill
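
Added example, not part of the original message: a Python sketch of the two points made above. It shows that RC4 alone lets a party without the key change bytes at a known offset, and that an HMAC-MD5 tag rejects the same change with RC4 or with the null cipher. The keys, the sample message and the msg||tag record layout are constructed for illustration; this is not the TLS record format.

```python
import hashlib
import hmac

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key schedule, then XOR data with the keystream (same call decrypts)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def flip(record: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """In-path change made without any key: XOR (known ^ wanted) at a known offset."""
    out = bytearray(record)
    for k, (a, b) in enumerate(zip(known, wanted)):
        out[offset + k] ^= a ^ b
    return bytes(out)

def seal(enc_key: bytes, mac_key: bytes, msg: bytes, use_cipher: bool = True) -> bytes:
    """Append HMAC-MD5(msg), then RC4-encrypt msg||tag, or leave it clear (null cipher)."""
    record = msg + hmac.new(mac_key, msg, hashlib.md5).digest()
    return rc4(enc_key, record) if use_cipher else record

def unseal(enc_key: bytes, mac_key: bytes, record: bytes, use_cipher: bool = True):
    """Return the message, or None when the tag does not verify."""
    plain = rc4(enc_key, record) if use_cipher else record
    msg, tag = plain[:-16], plain[-16:]
    good = hmac.new(mac_key, msg, hashlib.md5).digest()
    return msg if hmac.compare_digest(tag, good) else None

def demo() -> dict:
    enc_key, mac_key = b"constructed-enc-key", b"constructed-mac-key"
    msg = b"max-age=0060"  # constructed sample message
    # RC4 only: the receiver decrypts the altered bytes and has no way to notice.
    results = {"rc4_only": rc4(enc_key, flip(rc4(enc_key, msg), 8, b"0060", b"9999"))}
    # With a MAC, the same change is rejected whether or not a cipher is used.
    for name, use_cipher in (("rc4_hmac", True), ("null_hmac", False)):
        altered = flip(seal(enc_key, mac_key, msg, use_cipher), 8, b"0060", b"9999")
        results[name] = unseal(enc_key, mac_key, altered, use_cipher)
    return results

if __name__ == "__main__":
    print(demo())
```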


