Martin, I want to understand what https traffic you are concerned will affect performance and caching. As far as I understand the need for https, it would only be used infrequently, when reauthenticating to the server. I.e..:
1. XO connects to Moodle without valid cookie and is redirected to https login. 2. https client cert is exchanged, and cookie of limited duration is planted). 3. XO connects to Moodle, cookie is valid, no redirection needed. There might be particular use cases where the data in transit needed to be protected against snooping, but a use case analysis needs to be done to identify these. I can't imagine that it would be needed in day-to-day classroom use by students. On Thu, Feb 12, 2009 at 6:55 AM, <da...@lang.hm> wrote: > On Fri, 13 Feb 2009, Martin Langhoff wrote: > > > On Thu, Feb 12, 2009 at 11:54 PM, Simon Schampijer <si...@schampijer.de> > wrote: > >> Plan A - HTTPS to the rescue > >> Just to understand better. > >> > >> Is the main issue that we have to change the protocol - or are you more > >> worried about the CPU cost? > > > > Both. And also HTTPS network load, as HTTPS is a lot less cache-friendly. > > note that if the XS is acting as a proxy the cache issue can be addressed. > The XS can get a copy of the XO client cert at registration time, and with > it can decrypt the HTTPS traffic and cache the unencrypted version. this > is a lot of cpu, but it's on the XS not the XO, so it shouldn't be as bad > (and there are hardware SSL encryption cards available that can be put in > an XS for high-volume situations) > > it's not just a matter of downloading a package and installing it, but > it's not rocket science either. > > this would have the side effect of making the XS security even more > critical, but I think that it's already critical enough that this won't > really make much difference in how it's secured. > > David Lang > _______________________________________________ > Devel mailing list > Devel@lists.laptop.org > http://lists.laptop.org/listinfo/devel > -- "It is difficult to get a man to understand something, when his salary depends upon his not understanding it." -- Upton Sinclair
_______________________________________________ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel