- From: Brian Pane <brianp@brianp.net>
- Date: Mon, 26 Mar 2012 00:16:20 -0700
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Sun, Mar 25, 2012 at 10:56 PM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > In message <CAAbTgTu7qbPiREWRRqFddgoko0FCt0jmxR=NP1gqsiARCwscew@mail.gmail.com> > , Brian Pane writes: > >>Nonetheless, I think it would be reasonable for HTTP/2.0 to require SSL. > > I think you need to talk to some people with big websites ;-) In my day job, I work on L7 performance at a website with 800 million users. Does that count? ;-) > There are a large swath of the HTTP traffic that doesn't need and cannot > afford the overhead of crypto and if you mandate that HTTP/2.0 use > crypto, they will simply stay on HTTP/1.1 forever. The cost of the crypto overhead isn't what it used to be. Nowadays a single core of a commodity CPU can do thousands of 1024-bit RSA operations per second or well over a Gb/s of RC4 or AES encryption. -Brian
Received on Monday, 26 March 2012 07:16:49 UTC