It wasn’t easy, but Netflix will soon use HTTPS to secure video streams

Flojo

Expert Member
Joined
Sep 24, 2009
Messages
1,911
Reaction score
412
http://arstechnica.com/security/201...-will-soon-use-https-to-secure-video-streams/

Netflix will soon use the HTTPS protocol to authenticate and encrypt customer streams, a move that helps ensure what users watch stays secret. The move now leaves Amazon as one of the most noticeable no-shows to the Web encryption party.

Flipping on the HTTPS switch on Netflix's vast network of OpenConnect Appliances (OCAs) has been anything but effortless. That's because the demands of mass movie streaming can impose severe penalties when transport layer security (TLS) is enabled. Each Netflix OCA is a server-class computer with a 64-bit Xeon CPU running the FreeBSD operating system. Each box stores up to 120 terabytes of data and serves up to 40,000 simultaneous, long-lived connections, a load that requires as much as 40 gigabits per second of continuous bandwidth. Like Amazon, Netflix has long encrypted log-in pages and other sensitive parts of its website but has served movie streams over unsecured HTTP connections. Netflix took the unusual step of announcing the switch in a quarterly earnings letter that company officials sent shareholders Tuesday.....
 
Probably a more realistic concern is how it will affect devices like Smart TVs with bespoke Netflix apps. My suspicion is that encryption will be optional (i.e. they will allow you to disable it at account level) to allow legacy support, at least in the beginning.
 
Why would it?
You still connect TCP to the CDN node. Just now it's TLS encrypted, not plaintext.

DNS provider must do certain decryption on their proxies from what we're seeing on our side. Unotelly need to be on the ball with this one.
 
DNS provider must do certain decryption on their proxies from what we're seeing on our side. Unotelly need to be on the ball with this one.

So i wonder, if Uno has to do some decryption and re- encryption to support this we might potentially have a phase of SSL errors etc if they don't get it right the first time?

Edit: Aren't there already other services that Uno supports which have SSL on the streams? Seeing they already support proxying to the services's SSLed home pages without VPN (except Roku .com :p)
 
Last edited:
Top
Sign up to the MyBroadband newsletter
X