-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin,
On 8/24/12 8:43 PM, Martin Gainty wrote: > dont forget with PEM you will need to deploy a single-rooted PKI > http://en.wikipedia.org/wiki/Privacy_Enhanced_Mail WTF are you talking about? No single-root is necessary: web servers support multi-rooted PKI all the time (they are called "Certificate Authorities"), and most web servers (or the OSs on which they run) ship with an unbelievably-long list of CA roots (and intermediate certs) from which you can get a valid server certificate. > IMHO: If the certificate from the CA Authority is a X.509 cert use > DER http://en.wikipedia.org/wiki/Distinguished_Encoding_Rules If you want to be able to read the certificate with your own eyes, stick to PEM: it makes it much easier to do things like have multiple certificates in a single file (say, for adding intermediate certs required by your CA). > Christopher Schultz wrote: >> As always, benchmark your own environment and don't let anybody >> else tell you what is or is not faster. > > PEM is faster only if you have a single-rooted PKI Server-client > operational..UGH.. I don't think anyone is concerned about how long it takes to decode a 1 kilobyte file a single time over the life of a web server process. Once decoded, the encryption speed has nothing to do with the file format used to store the certificate(s) on disk. >> I'm fairly confident you'll see a significant performance >> improvement when switching to APR for both static content (in >> general) > > anyone can shark the static content I have no idea what you are talking about. >> and non-static content (over SSL). > > non-static content you'll want to protect Of course he'll protect non-static content. I was explaining that the APR connector will improve performance for both static content (because of the use of sendFile) and even non-static content because SSL is faster through APR as well. Seriously, please stop polluting this list with your incessant noise. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlA7jM4ACgkQ9CaO5/Lv0PC5bQCeJKwaKFpmPlUdOE/bzwxK98Ua HQQAn26N38bVvgzfmPG6ewnHF9+5oVPy =3xR3 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
