TLS sandboxing
Poul-Henning Kamp
phk at phk.freebsd.dk
Wed Sep 4 08:02:04 UTC 2019
--------
In message <bfad471b-d009-57b4-e621-adefde9747d2 at schokola.de>, Nils Goroll writ
es:
>Yet with the H3/QUIC madness on the horizon,
No, they actually dealt with this in the design, so that "keyless"
operation is more or less the natural architecture for QUIC.
If we want to do TCP/TLS, we should also aim firmly for the "keyless" model.
I'm hoping we can to raid the hitch source code to build the "keymaster" process.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the varnish-dev
mailing list