The Armour of TLS
If you’re sending data across the Internet, it’s unprotected unless it’s encapsulated within Transport Layer Security (TLS). TLS enables HTTPS, and HTTPS keeps prying eyes from peering into traffic in motion. The armour-y goodness of HTTPS comes at a cost: a visitor’s first connection must complete a three-trip encryption handshake before any application data can flow.
The dance plays out like this:
The visitor says clientHello and proposes a cryptographic method, or CipherSuite, to use with the server. →
The server responds with serverHello, agrees on a CipherSuite, and presents the client with a public key tied to the private key it holds. ←
The client uses that public key to encrypt its secret key information and delivers it to the server. →
The client notifies the server that it is finished. →
The server agrees with the client that it, too, is finished. ←
Encrypted information flows between the visitor and the server. ← →
Advancements within HTTP/2 and the TLS protocol reduce this handshake by one trip and remove it entirely for repeat visitors. However, HTTP/2 and TLS 1.3 are not yet ubiquitous and even with two trips the back-and-forth can be an issue depending on distance. We’ll touch more upon the limitations of time and space further on…
The Pixies are not to be trusted! They are tricksters; with beautiful landing pages and sublime marketing promises they’ll tell you: “Just put a wee snippet here and wield powerful features!”
Now you have a handful of robust analytical widgets super-charged with heat-maps, full-session play-back, buttons, trinkets, doo-dads, whirlyjigs – everything you can ever dream of – and you didn’t have to code any of it! But you’ve been tricked.
The third-party can…
Make changes to the Document Object Model (DOM).
Access global variables and pollute the global scope.
Make requests to the server as the user.
Exploit the entire Cross-Site Scripting attack vector.
And there is a spookier reality still:
window.onload is blocked until the snippet has finished loading.
The last straw: whether the code is optimized is far out of your hands. If the code isn’t minified, concatenated, or well-written then you’re out of luck.
The Speed of Light
One must empathize with light; to blaze through air at a blistering 299,700 km/s and have fleshy meatbags call you slow. But it’s the truth! The speed of light is a limitation on the speed of your applications. Data can travel no faster than the speed of light.
The distance from Australia to Vancouver is 13,192km. If you’re travelling by passenger airplane at about 600km/h it would take you 18h25m to go one way or 36h50m for a round-trip. If you’re a photon of light zooming at 299,700 km/s, a one-way trip takes 44.0038 milliseconds, the round-trip taking 88.0076 milliseconds.
Our minds cannot comprehend this speed, but they sure can comprehend the drudgery of a slow web page. Returning to the Armour of TLS: if we have three round-trips in our handshake, TLS has a theoretical optimal speed of 264.0228ms between Vancouver and Australia.
JetPacks for Everyone!
When you connect an application to Fly, you connect to a global Application Delivery Network. You weave all of your applications, services, and backends that are hosted in one place through edge-servers spread around the globe.
Each edge-server provides HTTP/2 and shortens the distance required to facilitate a TLS handshake. One less trip and shorter trips leave more time available in your latency budget for your application. As for the speed of light, well… you can either double the speed of light or halve the distance you need to travel. We chose the latter option, the limits of physics binding us earthbound mortals, and so forth.
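The latency-budget arithmetic from the Armour of TLS, Speed of Light and edge-server sections above, as an added example (not the post’s or Fly’s code): it reuses the post’s 299,700 km/s and 13,192 km figures and the post’s trip counts, while the 100 km client-to-edge distance and the single edge-to-origin round trip per request are constructed assumptions.

```python
# Theoretical latency floors imposed by the speed of light on a TLS handshake.
# Added example, not the post's own code. The speed and distance constants are
# the post's; the edge distances further down are constructed assumptions.

SPEED_OF_LIGHT_KM_S = 299_700      # speed of light in air, as quoted in the post
VANCOUVER_AUSTRALIA_KM = 13_192    # distance quoted in the post

# Round trips spent on the handshake before application data can be sent, per
# the post: three for a full handshake, one fewer with HTTP/2 and TLS 1.3, and
# none at all for a repeat visitor resuming a session.
HANDSHAKE_TRIPS = {"full": 3, "tls13": 2, "resumed": 0}


def one_way_ms(distance_km: float) -> float:
    """Time for a photon to cover distance_km, in milliseconds."""
    return distance_km / SPEED_OF_LIGHT_KM_S * 1000


def round_trip_ms(distance_km: float) -> float:
    return 2 * one_way_ms(distance_km)


def handshake_floor_ms(distance_km: float, mode: str = "full") -> float:
    """Best-case handshake time between a client and a server distance_km apart."""
    return HANDSHAKE_TRIPS[mode] * round_trip_ms(distance_km)


def direct_ttfb_floor_ms(distance_km: float, mode: str = "full") -> float:
    """Handshake plus one round trip for the request itself, straight to origin."""
    return handshake_floor_ms(distance_km, mode) + round_trip_ms(distance_km)


def edge_ttfb_floor_ms(client_to_edge_km: float, edge_to_origin_km: float,
                       mode: str = "full") -> float:
    """Handshake against a nearby edge, then the edge relays one request to the
    origin (assumption: the edge already holds a warm connection to the origin)."""
    handshake = handshake_floor_ms(client_to_edge_km, mode)
    request = round_trip_ms(client_to_edge_km) + round_trip_ms(edge_to_origin_km)
    return handshake + request


if __name__ == "__main__":
    # Constructed scenario: an edge 100 km from the visitor, on the way to origin.
    for mode in HANDSHAKE_TRIPS:
        direct = direct_ttfb_floor_ms(VANCOUVER_AUSTRALIA_KM, mode)
        edge = edge_ttfb_floor_ms(100, VANCOUVER_AUSTRALIA_KM - 100, mode)
        print(f"{mode:8s} direct {direct:8.3f} ms  via edge {edge:8.3f} ms")
```

The figures come out a fraction of a millisecond above the post’s rounded numbers; the point the table makes is that every saved or shortened handshake trip is worth a full ocean-crossing round trip, while a resumed session gains nothing from the edge on the handshake alone.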
Curious how to take advantage of HTTP/2? We’ve written on that topic!
Each edge-server is a reverse-proxy fluent in application logic. Given the relative restrictions within a proxy, the type of code that can be run and the information that code has access to are much more limited. The attack vector is not as exposed as in the browser client, and everything is isolated within one site instead of forked off into dozens hiding behind the scripts.
Fly is a platform that helps you build and launch dynamic applications to users around the world. You can pack all of your things on One Hostname, plug in powerful features, and serve your pages at blazing speeds from a global HTTP/2 and HTTPS network!
Fly started when we wondered, “What would a programmable edge look like?” Developer workflows work great for infrastructure like CDNs and optimization services. You should really see for yourself, though.