W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: TLS at transport level vs stream multiplexing and aggregation (http "routers")

From: Willy Tarreau <w@1wt.eu>
Date: Mon, 18 Nov 2013 00:27:15 +0100
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Roberto Peon <grmocg@gmail.com>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, Adrien de Croy <adrien@qbik.com>, Mike Belshe <mike@belshe.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <20131117232715.GE18577@1wt.eu>
On Sun, Nov 17, 2013 at 11:06:48PM +0000, Poul-Henning Kamp wrote:
> In message <20131117225637.GD18577@1wt.eu>, Willy Tarreau writes:
> >On Sun, Nov 17, 2013 at 02:30:03PM -0800, Roberto Peon wrote:
> 
> >I would personally like to see encryption used only on what *needs*
> >to be encrypted so that "routing" HTTP doesn't require decrypting
> >for most standard cases. We're not there yet...
> 
> That would be one of the best ways HTTP/2.0 could improve
> performance over HTTP/1.1...
> 
> Routing encrypted transactions is perfectly feasible, we just
> have to define a non-encrypted routable envelope (Host: + non-query
> part of URL).

I'm certain it is possible, I've worked for a bank where some
webservices had only their payload encrypted/signed, and since
they were using only POST, there was no query string :-)

Willy
Received on Sunday, 17 November 2013 23:27:43 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC