Re: TLS at transport level vs stream multiplexing and aggregation (http "routers")

It's definitely worth exploring more.  I've done some experimentation with
it as well.  There are a host of issues that jump out immediately but the
overall concept of http2 stream level encryption is theoretically sound.

On Nov 17, 2013 3:08 PM, "Roberto Peon" <grmocg@gmail.com> wrote:

> There are interesting security implications of interlacing unencrypted and
> encrypted data which I'm fairly sure have not at all been
> analyzed/experimented with.
> This was one of the reasons why we originally thought about, but did not
> implement, encryption as an upper, rather than lower layer.
>
> WS does do masking, but that is a fair bit less involved than TLS, which
> requires bidirectional communication and is more involved.
>
> Again, I think it is an interesting thing to experiment with, and think
> that it will absolutely require lots of analysis and experience...
> -=R
>
>
> On Sun, Nov 17, 2013 at 2:56 PM, Willy Tarreau <w@1wt.eu> wrote:
>
>> On Sun, Nov 17, 2013 at 02:30:03PM -0800, Roberto Peon wrote:
>> > Sounds like an interesting experiment (as Mike already said, we
>> > considered this way back when).
>>
>> yes, and it's already more or less what's done with WebSocket if my
>> memory serves me right, as the masking is per message and I believe
>> per channel when mux is used.
>>
>> I would personally like to see encryption used only on what *needs*
>> to be encrypted so that "routing" HTTP doesn't require decrypting
>> for most standard cases. We're not there yet...
>>
>> Willy
>>
>>
>

Received on Sunday, 17 November 2013 23:24:23 UTC
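The thread contrasts WebSocket's per-message masking with TLS. The following is an added example, not code from any of the posters, that builds and parses an RFC 6455 client-to-server frame to make the difference concrete: the 4-byte masking key is carried in the frame itself, so masking defends intermediaries against cache poisoning but gives no confidentiality, and a router in the path can read the payload without any key exchange. Frame layout and limits (single final frame, payload below 64 KiB) are the example's own simplifications.

```python
import os
import struct

# Added example: RFC 6455 client->server frame masking. The masking key is
# sent in the clear inside the frame, so this is not encryption; anyone who
# observes the frame can recover the payload exactly as the parser does.

def mask_payload(payload: bytes, key: bytes) -> bytes:
    """XOR each payload byte with key[i % 4]; the same call unmasks."""
    if len(key) != 4:
        raise ValueError("masking key must be 4 bytes")
    return bytes(b ^ key[i % 4] for i, b in enumerate(payload))

def build_client_frame(payload: bytes, key: bytes, opcode: int = 0x1) -> bytes:
    """Build a single final, masked frame (payload under 64 KiB)."""
    header = bytes([0x80 | (opcode & 0x0F)])          # FIN=1, opcode
    n = len(payload)
    if n < 126:
        header += bytes([0x80 | n])                    # MASK=1, 7-bit length
    elif n < 65536:
        header += bytes([0x80 | 126]) + struct.pack("!H", n)  # 16-bit length
    else:
        raise ValueError("payload too long for this example")
    return header + key + mask_payload(payload, key)

def parse_client_frame(frame: bytes) -> dict:
    """Parse a masked frame from the wire and return its unmasked payload."""
    fin = bool(frame[0] & 0x80)
    opcode = frame[0] & 0x0F
    if not frame[1] & 0x80:
        raise ValueError("client frames must be masked (RFC 6455 section 5.1)")
    n = frame[1] & 0x7F
    pos = 2
    if n == 126:
        n = struct.unpack("!H", frame[2:4])[0]
        pos = 4
    elif n == 127:
        raise ValueError("64-bit length not handled in this example")
    key = frame[pos:pos + 4]                           # key is readable by anyone
    body = frame[pos + 4:pos + 4 + n]
    if len(body) != n:
        raise ValueError("truncated frame")
    return {"fin": fin, "opcode": opcode, "key": key,
            "payload": mask_payload(body, key)}

if __name__ == "__main__":
    # Constructed sample: a fresh random key per frame, as a client would use.
    frame = build_client_frame(b"GET /account HTTP/1.1", os.urandom(4))
    print(parse_client_frame(frame)["payload"])       # payload recovered, no secret needed
```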