[afnog] privacy vs caching
Seun Ojedeji
seun.ojedeji at gmail.com
Mon Dec 22 08:11:42 UTC 2014
sent from Google nexus 4
kindly excuse brevity and typos.
On 22 Dec 2014 08:25, "Johan Bernhardsson" <johan at kafit.se> wrote:
>
> For Me it is a balance between security and speed and depends on the
> customer greatly.
>
I think this is the main rationale; and the fact that it cannot be 100%
either way would justify the need to provide option for both ends.
I for one will place caching ability above encryption due to my present
circumstances of limited, but I don't also don't want to believe I am not
safe by making that decision ;)
Cheers!
> Many of my customers has ssl termination in the cache. But they require
> a lot of speed and low latency (over 4k hits per second on the cache)
>
> Using ssl end to end on their systems would probably kill the website if
> all the backend servers would handle encryption and have less cache.
> Every millisecond there matters.
>
> But if it was a banking application i would probably scale it
> differently and apply ssl all the way to the backend systems and cache
> it differently.
>
> /Johan
>
> On Mon, 2014-12-22 at 11:14 +0400, Loganaden Velvindron wrote:
> > On Sun, Dec 21, 2014 at 9:54 PM, Randy Bush <randy at psg.com> wrote:
> > > caching is very difficult with end-to-end encryption as the cache does
> > > not have the private keys of the server. the ietf is in a bit of a
> > > muddle on this. should one allow middle-boxes to break the encryption
> > > and fake it?
> >
> > Hi Randy.
> >
> > I think that it's a very bad idea to allow middle-boxes to break the
encryption.
> >
> > >
> > > so which is more important to you and your customers (think consumers,
> > > banks, news sites, ...), end-to-end encryption to ensure privacy, or
> > > caching to reduce bandwidth consumption and improve latency?
> > >
> >
> > It depends on the kind of customer. Personally, I believe that having
> > working security is better, and I can afford a few seconds more in
> > terms of latency.
> >
> >
> >
> > > randy
> > >
> > > _______________________________________________
> > > afnog mailing list
> > > http://afnog.org/mailman/listinfo/afnog
> >
> >
> >
>
> --
> Security all the way ...
>
> Linux/CMS/Network/Performance/Virtualisation/VoIP Consultant
>
> Kafit AB
> Orgnr: 556792-5945
> Mobile: +46705111751
> Sweden: +46101993005
> UK: +448708200021
> Cyprus: +35725030694
> Seychelles: +2486478105
> Email: johan at kafit.se
> Web: http://www.kafit.se
>
> About me: http://about.me/smallone/bio
> LinkedIn: http://www.linkedin.com/in/smallone
>
>
>
> _______________________________________________
> afnog mailing list
> http:// <http://afnog.org/mailman/listinfo/afnog>afnog.org
<http://afnog.org/mailman/listinfo/afnog>/mailman/
<http://afnog.org/mailman/listinfo/afnog>listinfo
<http://afnog.org/mailman/listinfo/afnog>/
<http://afnog.org/mailman/listinfo/afnog>afnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20141222/f3aa5c28/attachment.html>
More information about the afnog
mailing list