On Apr 17, 2015 8:37 AM, "Mark Watson" <watsonm@netflix.com> wrote:
>
> I have trouble understanding this comment. The problems we had, and
solved, in nginx, were entirely generic and in no way
"organization-specific". Anyone using nginx for the most basic web serving
of large objects at any kind of scale would have the same issue. nginx is
widely used and our solution will be available to anyone.
Mark,
It was not at all intended as a slight - though it seems you may have taken
it as such. The challenges you solved _were_ unique to your organization -
in as much as you made decisions about the design/deployment of OCA and had
to solve your challenges within that framework. That includes changes to
nginx and FreeBSD, but it's just as likely some other provider could be
using Apache, or they could be serving with significantly beefier machines
than OCA devices, but be stymied by CDN costs, or perhaps an inability to
update devices, or any number of organization-specific challenges, even if
the solutions are open.
That you found a solution that works for Netflix's environment is great,
and underscores the many remarks along the way that it is not TLS
intrinsically that is the issue. Other organizations may face different
challenges than Netflix - or, out differently, Netflix's solutions may not
be appropriate for their environments - and having a migration path is
exceptionally helpful.