[sanjod]

Interesting. Is that possible to use Ockam as a replacement for TLS for regular client-server interactions (let’s say REST API)? Usually TLS is terminated at some facade server (e.g. CloudFlare or Load Balancer), and then travel through another TLS session to the end server. This way all data is exposed to middle server(s) that should not be able to read it. Is Ockam capable of solving that problem?

[__mrinal__]

Great question! Yes you can use Ockam in that setting to terminate encryption just before your cloud service needs to use the data instead of at the LoadBalancer or another intermediary like Cloudflare.

The Ockam TCP transport can move end-to-end encrypted through a Layer 4 Network Load Balancer. The Ockam WebSocket transport can move end-to-end encrypted through a Layer 7 Application Load Balancer.