Patrik Fältström wrote:
> The IESG is worried about "middlebox features" which comes up all
> over the place. Just all over. The way people think about early TCP
> termination, "front-ending SSL connections so the SSL is not all the
> way to the server", ...etc might not all the time work well in todays
> design of the Internet.
I think most IP people dislike the TCP hacks quite often done today in
load balancers and "transparent" proxies & accelerators. This is bound
to give problems sooner or later (quite often sooner in my experience).
Regarding the SSL connection termination outside the "web server" I
don't view it as a problem if done properly (i.e. no TCP hacking).
Technically what is done is to introduce a HTTPS->HTTP application
gateway in the request flow. The end point the user client connects to
is the gateway application.
-- Henrik Nordström
This archive was generated by hypermail 2b29 : Thu Nov 18 2004 - 11:21:29 MST