Interesting. Is it possible to use Ockam as a replacement for TLS for regular client-server interactions (let’s say a REST API)? Usually TLS is terminated at some facade server (e.g. CloudFlare or a load balancer), and then the data travels through another TLS session to the end server. This way all data is exposed to middle server(s) that should not be able to read it. Is Ockam capable of solving that problem?
Great question! Yes, you can use Ockam in that setting to terminate encryption just before your cloud service needs to use the data, instead of at the load balancer or another intermediary like Cloudflare.
The Ockam TCP transport can move end-to-end encrypted data through a Layer 4 Network Load Balancer. The Ockam WebSocket transport can move end-to-end encrypted data through a Layer 7 Application Load Balancer.