On 2012-03-05 11:43, Poul-Henning Kamp wrote:
> In message <20120305104004.GC30594@...>, Willy Tarreau writes:
>
>> Being able to encrypt only the payload would be extremely useful in
>> server-to-server communications in datacenters.
>
> How useful is it, when packet sniffing gets you both the key
> and the encrypted data ?
>
> I could understand it if the userinfo pointed to a PSK, but sending
> the actual AES key as part of the request defeats any attempt at
> privacy I can see ?

I think the confusion comes from embedding local information into the
URI; it seems the userinfo is not supposed to be transmitted on the
wire (which of course raises the question about why it's in the URI then).

Best regards, Julian