Re: TLS at transport level vs stream multiplexing and aggregation (http "routers")

There are interesting security implications of interlacing unencrypted and
encrypted data which I'm fairly sure have not at all been
analyzed/experimented with.
This was one of the reasons why we originally thought about, but did not
implement, encryption as an upper, rather than lower layer.

WS does do masking, but that is a fair bit less involved than TLS, which
requires bidirectional communication and is more involved.

Again, I think it is an interesting thing to experiment with, and think
that it will absolutely require lots of analysis and experience...
-=R


On Sun, Nov 17, 2013 at 2:56 PM, Willy Tarreau <w@1wt.eu> wrote:

> On Sun, Nov 17, 2013 at 02:30:03PM -0800, Roberto Peon wrote:
> > Sounds like an interesting experiment (as Mike already said, we considered
> > this way back when).
>
> Yes, and it's already more or less what's done with WebSocket if my
> memory serves me right, as the masking is per message and I believe
> per channel when mux is used.
>
> I would personally like to see encryption used only on what *needs*
> to be encrypted so that "routing" HTTP doesn't require decrypting
> for most standard cases. We're not there yet...
>
> Willy
>
>

Received on Sunday, 17 November 2013 23:07:17 UTC