[afnog] privacy vs caching

Johan Bernhardsson johan at kafit.se
Mon Dec 22 07:24:54 UTC 2014


For me it is a balance between security and speed and depends on the
customer greatly.

Many of my customers have SSL termination in the cache. But they require
a lot of speed and low latency (over 4k hits per second on the cache).

Using SSL end to end on their systems would probably kill the website if
all the backend servers would handle encryption and have less cache.
Every millisecond there matters.

But if it was a banking application I would probably scale it
differently and apply SSL all the way to the backend systems and cache
it differently.

/Johan

On Mon, 2014-12-22 at 11:14 +0400, Loganaden Velvindron wrote:
> On Sun, Dec 21, 2014 at 9:54 PM, Randy Bush <randy at psg.com> wrote:
> > caching is very difficult with end-to-end encryption as the cache does
> > not have the private keys of the server.  the ietf is in a bit of a
> > muddle on this.  should one allow middle-boxes to break the encryption
> > and fake it?
> 
> Hi Randy.
> 
> I think that it's a very bad idea to allow middle-boxes to break the encryption.
> 
> >
> > so which is more important to you and your customers (think consumers,
> > banks, news sites, ...), end-to-end encryption to ensure privacy, or
> > caching to reduce bandwidth consumption and improve latency?
> >
> 
> It depends on the kind of customer. Personally, I believe that having
> working security is better, and I can afford a few seconds more in
> terms of latency.
> 
> 
> 
> > randy
> >
> 
> 
> 

-- 
Security all the way ...

Linux/CMS/Network/Performance/Virtualisation/VoIP Consultant

Kafit AB
Orgnr:  556792-5945
Mobile: +46705111751
Sweden: +46101993005
UK:     +448708200021
Cyprus: +35725030694
Seychelles: +2486478105
Email:  johan at kafit.se
Web:    http://www.kafit.se

About me: http://about.me/smallone/bio
LinkedIn: http://www.linkedin.com/in/smallone




