TLS sandboxing

Poul-Henning Kamp phk at
Wed Sep 4 08:02:04 UTC 2019

In message <bfad471b-d009-57b4-e621-adefde9747d2 at>, Nils Goroll writes:

>Yet with the H3/QUIC madness on the horizon, 

No, they actually dealt with this in the design, so that "keyless"
operation is more or less the natural architecture for QUIC.

If we want to do TCP/TLS, we should also aim firmly for the "keyless" model.

I'm hoping we can raid the hitch source code to build the "keymaster" process.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

More information about the varnish-dev mailing list
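A sketch of the "keyless" split discussed in the message above, added here as an illustration and not taken from hitch, Varnish, or this thread: the sandboxed TLS worker holds only a crypto.Signer that forwards digests to a keymaster process, which is the only party holding the private key. The in-memory net.Pipe stands in for the socket between the two processes, and all names and the wire format are assumptions of this example.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/gob"
	"errors"
	"fmt"
	"io"
	"net"
)
// Keymaster side (illustration, not hitch/Varnish code). Wire format from the worker: one byte crypto.Hash id, then the digest; the reply is the signature, or empty when refused. The private key never leaves here.
func runKeymaster(key *rsa.PrivateKey, conn io.ReadWriter) {
	dec, enc := gob.NewDecoder(conn), gob.NewEncoder(conn)
	for msg := []byte(nil); dec.Decode(&msg) == nil; msg = nil {
		var sig []byte // stays empty for unknown hash ids or malformed digests
		if len(msg) > 1 && crypto.Hash(msg[0]).Available() {
			sig, _ = rsa.SignPKCS1v15(rand.Reader, key, crypto.Hash(msg[0]), msg[1:])
		}
		_ = enc.Encode(sig) // a failed write surfaces as a failed Decode next round
	}
}
// Worker side: a crypto.Signer that fits tls.Certificate.PrivateKey yet holds only the public key and a connection to the keymaster.
type remoteSigner struct{ pub *rsa.PublicKey; enc *gob.Encoder; dec *gob.Decoder }
func (s *remoteSigner) Public() crypto.PublicKey { return s.pub }
func (s *remoteSigner) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	if _, pss := opts.(*rsa.PSSOptions); pss { // refuse schemes the keymaster does not implement
		return nil, errors.New("RSA-PSS not supported by this keymaster")
	}
	var sig []byte
	if err := s.enc.Encode(append([]byte{byte(opts.HashFunc())}, digest...)); err != nil {
		return nil, err
	} else if err = s.dec.Decode(&sig); err != nil || len(sig) == 0 {
		return nil, errors.New("keymaster refused the request or is unreachable")
	}
	return sig, nil
}
// demo joins worker and keymaster over an in-memory pipe (a constructed stand-in for the Unix socket between two processes) and reports whether the remote signature verifies.
func demo() bool {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // error ignored for the demo
	kmEnd, wEnd := net.Pipe()
	defer wEnd.Close() // ends the keymaster loop when the worker goes away
	go runKeymaster(key, kmEnd)
	s := &remoteSigner{&key.PublicKey, gob.NewEncoder(wEnd), gob.NewDecoder(wEnd)}
	digest := sha256.Sum256([]byte("constructed handshake transcript"))
	sig, err := s.Sign(nil, digest[:], crypto.SHA256)
	return err == nil && rsa.VerifyPKCS1v15(s.pub, crypto.SHA256, digest[:], sig) == nil
}
func main() { fmt.Println("keymaster signature verifies:", demo()) }
```

The worker never sees key material, so compromising it yields at most signatures for the duration of the compromise; a real keymaster would also enforce which hashes and schemes it is willing to sign and log every request.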