W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: Authentication over HTTP

From: Yoav Nir <ynir@checkpoint.com>
Date: Mon, 15 Jul 2013 09:00:49 +0000
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
CC: Henry Story <henry.story@bblfish.net>, M Stefan <mstefanro@gmail.com>, "<ietf-http-wg@w3.org>" <ietf-http-wg@w3.org>
Message-ID: <7111B60E-3FD2-4C9E-A59F-35EDD3649961@checkpoint.com>

On Jul 15, 2013, at 11:37 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:

> In message <20E2425E-2FD7-4435-9529-1C3FC001D495@bblfish.net>, Henry Story writ
> es:
> 
>> Computational cost is no longer a problem. Google and Facebook provide
>> it with billions of connections a day.
> 
> That's like saying "transportation is non-issue, because Bill Gates
> have a private jet."
> 
> Not everybody has Google and FaceBook's globally distributed resources,
> nor their laser-like focus on delivering web-content.

Not so. A pretty low-end server, say 4 cores, can handle 250 full handshakes per second, and can easily saturate a 1Gbps link.

That's with a default Apache and OpenSSL installation. If your website needs more than this, then you may not be in the class of Google and Facebook, but you're way beyond the personal blog / local store crowd.

It is true that content delivery networks charge a premium for things protected by TLS. I think that has more to do with signaling than actual costs.

Yoav
Received on Monday, 15 July 2013 09:01:24 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:14 UTC