- From: Willy Tarreau <w@1wt.eu>
- Date: Mon, 18 Nov 2013 00:27:15 +0100
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Roberto Peon <grmocg@gmail.com>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, Adrien de Croy <adrien@qbik.com>, Mike Belshe <mike@belshe.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On Sun, Nov 17, 2013 at 11:06:48PM +0000, Poul-Henning Kamp wrote: > In message <20131117225637.GD18577@1wt.eu>, Willy Tarreau writes: > >On Sun, Nov 17, 2013 at 02:30:03PM -0800, Roberto Peon wrote: > > >I would personally like to see encryption used only on what *needs* > >to be encrypted so that "routing" HTTP doesn't require decrypting > >for most standard cases. We're not there yet... > > That would be one of the best ways HTTP/2.0 could improve > performance over HTTP/1.1... > > Routing encrypted transactions is perfectly feasible, we just > have to define a non-encrypted routable envelope (Host: + non-query > part of URL). I'm certain it is possible, I've worked for a bank where some webservices had only their payload encrypted/signed, and since they were using only POST, there was no query string :-) Willy
Received on Sunday, 17 November 2013 23:27:43 UTC