On 05/07/2016 08:25 AM, Matthew Gillen wrote:
> On 5/4/2016 5:37 PM, Kent Borg wrote:
>> -kb, the Kent who admits he doesn't know how https works through Akamai
>> and the like.
>
> It doesn't. Akamai is a TLS termination point. They have the private
> keys of any domain they are proxying for, so they can act as the TLS
> endpoint.

But TLS can work through a more prosaic proxy, which could do load
balancing and failover stuff. I guess a boring proxy can't serve up
cached content from nearby locations, it has to pass it on encrypted to
a machine with the right certificate. But it could pass it on wisely
and cleverly, couldn't it? I guess it couldn't do DDoS defense and give
each client dedicated IP addresses, at least not IPv4 addresses. (In a
few weeks Apple Store is going to require iOS apps work on IPv6-only
networks.)

By the way: My old maradns I was running in-house got too old, it was
sometimes serving up wrong answers, that was part of what I was seeing a
week ago. Still scared of bad things I have heard about bind, I
installed powerdns--it seems supported and in current use. I am only
using it for authoritative local stuff, and for recursive passing
queries on to 8.8.8.8. Seems to work so far.

-kb, the Kent who still doesn't think banks should anonymize their
reputations.
_______________________________________________
Discuss mailing list
http://lists.blu.org/mailman/listinfo/discuss