- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 11 Jul 2014 11:54:13 -0700
- To: Phil Hunt <phil.hunt@oracle.com>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>

On 11 July 2014 11:40, Phil Hunt <phil.hunt@oracle.com> wrote:
> Any reason why load-balancers aren’t in this discussion? With more end-to-end security coming in place, load balancers are starting to have similar or even more complex challenges.

The focus so far has been on the role of proxies on the client side. The important issue being the role that an external third party (in the figurative sense) has in what is - at its core - a two-party conversation. Of course, that is a gross oversimplification of the matter and doesn't do justice to the vast range of options possible in this space.

Load-balancers (or gateways) are usually part of the first two parties; they are able to assert an authenticated identity as a server. That means that the issues are quite different.

There are the TLS issues arising from this (key management, interaction with the handshake, etc...), which have been the subject of extensive discussion in TLS. Those discussions are more appropriate in that forum.

Then there are the intermediation concerns at the HTTP layer. We have had a lot of discussion about the details of the protocol design for gateways. It might even be said that the conversation - certainly recently - has been dominated by these concerns.

Is there a specific aspect of the conversation that you would like to see us cover more thoroughly?

Received on Friday, 11 July 2014 18:54:43 UTC