Git Product home page Git Product logo

Comments (2)

vlhomutov avatar vlhomutov commented on June 13, 2024

Hello.

I see that this patch is very similar to this one: https://mailman.nginx.org/pipermail/nginx-devel/2020-June/013211.html
Is it the same patch or maybe you are an author?

AFAIK, the main reason it is not merged is the lack of ability to signal early data to application.
In HTTP you can pass custom header with a value taken from corresponding variable, so the
application can decide if it is willing to accept early data in this context or not (considering replay attacks).
In stream, this is not possible: there is no means to pass anything extra to proxied application, what raises
security questions.

Can you please elaborate on your specific use case? What protocol are you using and what benefit are you expecting?

from angie.

pmkol avatar pmkol commented on June 13, 2024

Hello.

I see that this patch is very similar to this one: https://mailman.nginx.org/pipermail/nginx-devel/2020-June/013211.html Is it the same patch or maybe you are an author?

AFAIK, the main reason it is not merged is the lack of ability to signal early data to application. In HTTP you can pass custom header with a value taken from corresponding variable, so the application can decide if it is willing to accept early data in this context or not (considering replay attacks). In stream, this is not possible: there is no means to pass anything extra to proxied application, what raises security questions.

Can you please elaborate on your specific use case? What protocol are you using and what benefit are you expecting?

I am not the patch author. I simply found improvement methods referenced in this patch. In the context of streaming, the 0-RTT feature is needed. For example, in the case of DNS over TLS (DoT), it involves encrypting TCP-based DNS traffic directly with SSL. Enabling 0-RTT enhances performance.

For simple requests like DNS, since it's possible to transmit the requester's IP to the backend DNS program using proxy_protocol, the backend only needs to impose limits on the number of requests per IP, which does not pose a security issue.

from angie.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.