by hm8 3606 days ago
This is amazing. Maybe the paper has details on the following questions:

1. Is the data being encrypted on the go, meaning it is encrypted as needed, probably with the login user's shared key? That would explain the need for running sendfile on every video traffic packet.

2. How would CDN caching work with this?
1 comments

1. The data is encrypted with the established TLS session key for the current downloading session, i.e. it is indeed a per-instance key. Therefore, there is no choice but to encrypt on the go.

2. The CDN cache in fact is the place where this encryption (for the purpose of TLS) takes place. It therefore does not interfere with the CDN function.