Re: Authentication over HTTP

"Ludin, Stephen" <sludin@akamai.com> Mon, 15 July 2013 14:40 UTC

From: "Ludin, Stephen" <sludin@akamai.com>
To: Yoav Nir <ynir@checkpoint.com>
CC: Poul-Henning Kamp <phk@phk.freebsd.dk>, Henry Story <henry.story@bblfish.net>, M Stefan <mstefanro@gmail.com>, "<ietf-http-wg@w3.org>" <ietf-http-wg@w3.org>
Date: Mon, 15 Jul 2013 09:38:08 -0500
Subject: Re: Authentication over HTTP
Archived-At: <http://www.w3.org/mid/82F65426-EBD6-4A08-A1B2-4CBE66851CD0@akamai.com>

On Jul 15, 2013, at 2:02 AM, "Yoav Nir" <ynir@checkpoint.com> wrote:

> 
> On Jul 15, 2013, at 11:37 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> 
>> 
>> That's like saying "transportation is a non-issue, because Bill Gates
>> has a private jet."
>> 
>> Not everybody has Google and FaceBook's globally distributed resources,
>> nor their laser-like focus on delivering web-content.
> 
> Not so. A pretty low-end server, say 4 cores, can handle 250 full handshakes per second, and can easily saturate a 1Gbps link.
> 
> That's with a default Apache and OpenSSL installation. If your website needs more than this, then you may not be in the class of Google and Facebook, but you're way beyond the personal blog / local store crowd.
> 
> It is true that content delivery networks charge a premium for things protected by TLS. I think that has more to do with signaling than actual costs.
> 
> Yoav
> 

And that premium comes directly from cost. 

There is still a big gap between "TLS is totally free" and what we have today. 250 handshakes a second is a big difference from the 2500 connections or more you can get without. The march to 2048 makes that worse, and luckily advances like ECC help bring it some of the way back. When you then consider the excess requirements of having sufficient resources to gracefully withstand a DDoS, the problem is compounded.

All that said, you have not heard me preaching against the growing adoption of TLS. I think it is a "good thing" despite the pain associated with it. I firmly believe, however, that as long as there is some incremental cost with TLS there will be someone whose business wants to avoid that cost affecting their margins and will look for a non-TLS alternative. These discussions have been hashed and rehashed since SPDY was introduced, however, and I doubt there is much new to add to them at this point. 

-stephen