Re: HTTP/2 and Pervasive Monitoring

Greg Wilkins <gregw@intalio.com> Wed, 20 August 2014 00:56 UTC


On 20 August 2014 10:32, Mark Nottingham <mnot@mnot.net> wrote:

> I'm curious; do Ilari's numbers
> <http://www.w3.org/mid/20140817120844.GA1346@LK-Perkele-VII> change your
> mind at all?
>

For many servers, the cost of applying the actual cipher is not the main
impost of doing TLS. The main impost for Java servers is just bringing
the data into user memory in the first place so that it can be sliced,
passed to a TLS encoder and then at the very least copied if not encoded.

If we don't have to apply a cipher at all then we can do direct writes with
memory mapped files that move data from file system to network without
transiting user memory. To apply the null cipher, there will be a data
copy into user space, a data copy from input to output buffers and a data
copy out of user memory. These 3 copies are almost certainly a lot more
expensive than the cipher (which is done during one of the copies).

I'll try to find the time to see if I can get some hard numbers for what is
the impact of applying even a null cipher in Java. But I'm dubious if
the cost of terminating TLS will be insignificant any time soon.

regards

-- 
Greg Wilkins <gregw@intalio.com>
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com  advice and support for jetty and cometd.
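
The two data paths contrasted in the message above, as an added example that is not part of the original message and is not Jetty code: `direct` uses `FileChannel.transferTo`, and `viaUserSpace` performs the three copies a null cipher would still require. The class and method names are hypothetical, a temp file stands in for the network socket (a `SocketChannel` can be passed instead), and the timing is a single unwarmed run, not a benchmark.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.*;
import java.nio.file.*;

public class CopyPaths {
    // Cleartext path: the kernel moves file pages to the sink directly
    // (sendfile-style where the platform supports it); no user-space buffer.
    static long direct(FileChannel file, WritableByteChannel out) throws IOException {
        long pos = 0, size = file.size();
        while (pos < size) pos += file.transferTo(pos, size - pos, out);
        return pos;
    }

    // "Null cipher" path: stand-in for TLS record processing that transforms nothing.
    static long viaUserSpace(FileChannel file, WritableByteChannel out) throws IOException {
        ByteBuffer in = ByteBuffer.allocateDirect(16 * 1024);  // about one TLS record
        ByteBuffer rec = ByteBuffer.allocateDirect(16 * 1024);
        long total = 0;
        file.position(0);
        while (file.read(in) != -1) {        // copy 1: kernel -> user memory
            in.flip();
            rec.clear();
            rec.put(in);                     // copy 2: input -> output buffer (a cipher would run here)
            rec.flip();
            while (rec.hasRemaining()) total += out.write(rec);  // copy 3: user memory -> kernel
            in.clear();
        }
        return total;
    }

    public static void main(String[] args) throws IOException {
        Path src = Files.createTempFile("payload", ".bin");
        Path sink = Files.createTempFile("sink", ".bin");   // assumption: stands in for the socket
        Files.write(src, new byte[8 * 1024 * 1024]);        // constructed 8 MiB sample payload
        try (FileChannel f = FileChannel.open(src, StandardOpenOption.READ);
             FileChannel out = FileChannel.open(sink, StandardOpenOption.WRITE)) {
            long t0 = System.nanoTime();
            long a = direct(f, out);
            long t1 = System.nanoTime();
            long b = viaUserSpace(f, out);
            long t2 = System.nanoTime();
            System.out.printf("transferTo %d B in %d us, 3-copy %d B in %d us%n", a, (t1 - t0) / 1000, b, (t2 - t1) / 1000);
        } finally {
            Files.delete(src);
            Files.delete(sink);
        }
    }
}
```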