<p dir="ltr">sent from Google nexus 4<br>
kindly excuse brevity and typos.<br>
On 22 Dec 2014 08:25, "Johan Bernhardsson" <<a href="mailto:johan@kafit.se">johan@kafit.se</a>> wrote:<br>
><br>
> For Me it is a balance between security and speed and depends on the<br>
> customer greatly.<br>
><br>
I think this is the main rationale; and the fact that it cannot be 100% either way would justify the need to provide option for both ends.</p>
<p dir="ltr">I for one will place caching ability above encryption due to my present circumstances of limited, but I don't also don't want to believe I am not safe by making that decision ;)</p>
<p dir="ltr">Cheers!<br>
> Many of my customers has ssl termination in the cache. But they require<br>
> a lot of speed and low latency (over 4k hits per second on the cache)<br>
><br>
> Using ssl end to end on their systems would probably kill the website if<br>
> all the backend servers would handle encryption and have less cache.<br>
> Every millisecond there matters.<br>
><br>
> But if it was a banking application i would probably scale it<br>
> differently and apply ssl all the way to the backend systems and cache<br>
> it differently.<br>
><br>
> /Johan<br>
><br>
> On Mon, 2014-12-22 at 11:14 +0400, Loganaden Velvindron wrote:<br>
> > On Sun, Dec 21, 2014 at 9:54 PM, Randy Bush <<a href="mailto:randy@psg.com">randy@psg.com</a>> wrote:<br>
> > > caching is very difficult with end-to-end encryption as the cache does<br>
> > > not have the private keys of the server. the ietf is in a bit of a<br>
> > > muddle on this. should one allow middle-boxes to break the encryption<br>
> > > and fake it?<br>
> ><br>
> > Hi Randy.<br>
> ><br>
> > I think that it's a very bad idea to allow middle-boxes to break the encryption.<br>
> ><br>
> > ><br>
> > > so which is more important to you and your customers (think consumers,<br>
> > > banks, news sites, ...), end-to-end encryption to ensure privacy, or<br>
> > > caching to reduce bandwidth consumption and improve latency?<br>
> > ><br>
> ><br>
> > It depends on the kind of customer. Personally, I believe that having<br>
> > working security is better, and I can afford a few seconds more in<br>
> > terms of latency.<br>
> ><br>
> ><br>
> ><br>
> > > randy<br>
> > ><br>
> > > _______________________________________________<br>
> > > afnog mailing list<br>
> > ><a href="http://afnog.org/mailman/listinfo/afnog"> http://afnog.org/mailman/listinfo/afnog</a><br>
> ><br>
> ><br>
> ><br>
><br>
> --<br>
> Security all the way ...<br>
><br>
> Linux/CMS/Network/Performance/Virtualisation/VoIP Consultant<br>
><br>
> Kafit AB<br>
> Orgnr: 556792-5945<br>
> Mobile:<a href="tel:%2B46705111751"> +46705111751</a><br>
> Sweden:<a href="tel:%2B46101993005"> +46101993005</a><br>
> UK: <a href="tel:%2B448708200021">+448708200021</a><br>
> Cyprus:<a href="tel:%2B35725030694"> +35725030694</a><br>
> Seychelles:<a href="tel:%2B2486478105"> +2486478105</a><br>
> Email: <a href="mailto:johan@kafit.se"> johan@kafit.se</a><br>
> Web: <a href="http://www.kafit.se"> http://www.kafit.se</a><br>
><br>
> About me:<a href="http://about.me/smallone/bio"> http://about.me/smallone/bio</a><br>
> LinkedIn:<a href="http://www.linkedin.com/in/smallone"> http://www.linkedin.com/in/smallone</a><br>
><br>
><br>
><br>
> _______________________________________________<br>
> afnog mailing list<br>
><a href="http://afnog.org/mailman/listinfo/afnog"> http://</a><a href="http://afnog.org/mailman/listinfo/afnog">afnog.org</a><a href="http://afnog.org/mailman/listinfo/afnog">/mailman/</a><a href="http://afnog.org/mailman/listinfo/afnog">listinfo</a><a href="http://afnog.org/mailman/listinfo/afnog">/</a>afnog</p>