
Re: Mandatory encryption

From: Willy Tarreau <w@1wt.eu>
Date: Thu, 19 Jul 2012 12:17:10 +0200
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Roberto Peon <grmocg@gmail.com>, Paul Hoffman <paul.hoffman@gmail.com>, Phillip Hallam-Baker <hallam@gmail.com>, grahame@healthintersections.com.au, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, Mike Belshe <mike@belshe.com>
Message-ID: <20120719101710.GI16208@1wt.eu>

On Thu, Jul 19, 2012 at 10:08:04AM +0000, Poul-Henning Kamp wrote:
> In message <20120719093901.GB16208@1wt.eu>, Willy Tarreau writes:
> 
> >TLS is a valid transport [...]
> 
> Am I the only one who thinks we should be able to mix protected
> and unprotected transactions on the same TCP stream?

No, you're not the only one. I like it too, just as I'd like to
ensure that WebSocket and HTTP can share the same TCP connection.

> I really don't see why the user should have to open a new connection
> just because they want to log into a site, and it would allow
> proxies, gateways and routers to use fewer connections more
> efficiently.

In fact, mixing streams saves TCP connections. However, processing
encryption on a stream is always expensive, as it requires a data copy
at the software level.

If we one day support a datagram-based transport (which I hope for,
for many reasons), then I'd favor splitting the streams so that we can
rely on the NIC's ability to encrypt datagrams at zero cost.

Regards,
Willy
Received on Thursday, 19 July 2012 10:17:40 GMT
