On Fri, 13 Feb 2009, Martin Langhoff wrote: > On Thu, Feb 12, 2009 at 11:54 PM, Simon Schampijer <si...@schampijer.de> > wrote: >> Plan A - HTTPS to the rescue >> Just to understand better. >> >> Is the main issue that we have to change the protocol - or are you more >> worried about the CPU cost? > > Both. And also HTTPS network load, as HTTPS is a lot less cache-friendly.
note that if the XS is acting as a proxy the cache issue can be addressed. The XS can get a copy of the XO client cert at registration time, and with it can decrypt the HTTPS traffic and cache the unencrypted version. this is a lot of cpu, but it's on the XS not the XO, so it shouldn't be as bad (and there are hardware SSL encryption cards available that can be put in an XS for high-volume situations) it's not just a matter of downloading a package and installing it, but it's not rocket science either. this would have the side effect of making the XS security even more critical, but I think that it's already critical enough that this won't really make much difference in how it's secured. David Lang _______________________________________________ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel
