- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Fri, 13 Jul 2012 21:11:21 +0000
- To: Nico Williams <nico@cryptonector.com>
- cc: HTTP Working Group <ietf-http-wg@w3.org>
In message <CAK3OfOh7P1pdf91UFA8xj6nxj+c0__Bg11HZHy83mAbbBwFmgg@mail.gmail.com>, Nico Williams writes:

>> One of the main reasons Varnish does not support HTTPS is the
>> quality of the APIs available, and the elephantine amounts of
>> needless generality behind them.
>
>APIs like OpenSSL's are awful, I give you that. If you used the
>GSS-API as an interface to TLS you'd have a very trivial client,
>particularly for anonymous clients. You'd only need these functions:

You seem to overlook half of my argument: It is both a matter of
API design *AND* lugging around tons of unnecessary code.

>> Crypto for HTTP/2.0 should be specified in a way which is very hard
>> to do wrong, not very hard to do right.
>
>I agree violently.

So let's start from there, if we ever get a chance.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

Received on Friday, 13 July 2012 21:11:43 UTC