- From: Willy Tarreau <w@1wt.eu>
- Date: Fri, 12 May 2017 07:28:14 +0200
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Stefan Eissing <stefan.eissing@greenbytes.de>, Kazuho Oku <kazuhooku@gmail.com>, Mark Nottingham <mnot@mnot.net>, Erik Nygren <erik@nygren.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>, "Ponec, Miroslav" <mponec@akamai.com>, "Kaduk, Ben" <bkaduk@akamai.com>

Hi Martin,

On Fri, May 12, 2017 at 09:53:19AM +1000, Martin Thomson wrote:
> (As for Willy's concern, maybe consider the request "incomplete" until
> the handshake completes, even if it is not.)

It's really not easy given that the L7 layer is fed by a decrypted data stream of bytes, and notified about progress when new bytes appear. Furthermore, today we have many people who split TLS decryption and L7 processing into different processes in order to optimize latency so the L7 process has no visibility on the TLS layer after it receives the request.

And we're back to the original point: if we do this for all requests, we're just doing 1-RTT 100% of the time in the end.

Right now it *seems* to me that 0-RTT is very interesting in theory, possibly interesting in some specific client-to-server deployments, and practically not usable in multi-tier architectures due to the absence of end-to-end signaling. But I'm convinced we can improve the situation :-)

Willy

Received on Friday, 12 May 2017 05:28:52 UTC