Re: Authentication over HTTP

Yoav Nir <ynir@checkpoint.com> Mon, 15 July 2013 09:08 UTC

From: Yoav Nir <ynir@checkpoint.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
CC: Henry Story <henry.story@bblfish.net>, M Stefan <mstefanro@gmail.com>, "<ietf-http-wg@w3.org>" <ietf-http-wg@w3.org>

On Jul 15, 2013, at 11:37 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:

> In message <20E2425E-2FD7-4435-9529-1C3FC001D495@bblfish.net>, Henry Story writes:
> 
>> Computational cost is no longer a problem. Google and Facebook provide
>> it with billions of connections a day.
> 
> That's like saying "transportation is a non-issue, because Bill Gates
> has a private jet."
> 
> Not everybody has Google and Facebook's globally distributed resources,
> nor their laser-like focus on delivering web-content.

Not so. A pretty low-end server, say 4 cores, can handle 250 full handshakes per second, and can easily saturate a 1Gbps link.

That's with a default Apache and OpenSSL installation. If your website needs more than this, then you may not be in the class of Google and Facebook, but you're way beyond the personal blog / local store crowd.

It is true that content delivery networks charge a premium for things protected by TLS. I think that has more to do with signaling than actual costs.

Yoav