- From: Brian Pane <brianp@brianp.net>
- Date: Fri, 13 Jul 2012 12:26:49 -0700
- To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
- Message-ID: <CAAbTgTv4QxwyBy5Fp5xg7A_WAQ2BAxrK=Ui932amJrXZ2iA50A@mail.gmail.com>
On Friday, July 13, 2012, Poul-Henning Kamp wrote: > In message < > CAHBU6itLXj1W2uGEFvMEemi5hBrYjmaeYq-8b0oJvzKdvCh34Q@mail.gmail.com<javascript:;> > > > , Tim Bray writes: > > >How much information needs to be in the unprotected envelope? Because one > >of the benefits of transport-level security is that a snooper, for example > >a government tracking dissidents, knows little/nothing about my traffic > >aside from the routing. Not a rhetorical question. -Tim > > And this is exactly about the routing. > > The three fields that today should be part of the envelope is > "Host:", URI (Sans query part) and Session-Nonce. (Since we don't > actually have a session-nonce, today people route on cookies.) >From the perspective of a load balancer, having just those three fields in cleartext isn't sufficient. Sending a request to the proper upstream destination may require information from Cookie, X-Forwarded-For, and more. And because there's an overlap between the fields often needed for load balancing and the fields that contain PII, trying to put the former in a cleartext envelope Is a tricky proposition. I'm not too concerned about load balancers having to decrypt messages, though: SSL termination has been a key selling point for load balancers for many years. -Brian
Received on Friday, 13 July 2012 19:27:16 UTC