Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:99977
Return-Path: <rasmus@lerdorf.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 94741 invoked from network); 20 Jul 2017 17:34:57 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 20 Jul 2017 17:34:57 -0000
Authentication-Results: pb1.pair.com smtp.mail=rasmus@lerdorf.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=rasmus@lerdorf.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain lerdorf.com designates 209.85.218.46 as permitted sender)
X-PHP-List-Original-Sender: rasmus@lerdorf.com
X-Host-Fingerprint: 209.85.218.46 mail-oi0-f46.google.com  
Received: from [209.85.218.46] ([209.85.218.46:35667] helo=mail-oi0-f46.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 67/5B-02884-DB9E0795 for <internals@lists.php.net>; Thu, 20 Jul 2017 13:34:55 -0400
Received: by mail-oi0-f46.google.com with SMTP id 191so32691861oii.2
        for <internals@lists.php.net>; Thu, 20 Jul 2017 10:34:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=lerdorf-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=EJblQfAxdyrf6M0TX22fueycfigtjQOf4wYwUUDxQUQ=;
        b=tmUUrnBAdW70+a3FcQDvPTfXI8if9V88pLqM31gHmIPFPsuSU3i1Y3UvX7hYP5J3Hj
         ju85TqMFPLHwixtBv+9g31m0aQIhawvnyDCsIg4nxs7+pRxLV8c54bxTKzNBPOzxjSAi
         +7aR6O8enBy9BRSrHbwA8vn9UsZseGcPXmHHrLQhGrRI+XZFjjhacQlJpZTmMtZFfiyi
         fo4Kx6GfJlZm8tVoOIv2jXnVYwyMzPMr1nnu1FM1KTS34eZU2sR5rmY+vE/B/8Avcn5r
         ovwMRj7GwXO+hI9JzZgL5fo4vhW7bx4fTG2muxifIV7Bdgct8Im6mu/7kmJLbwC14A60
         Jj/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=EJblQfAxdyrf6M0TX22fueycfigtjQOf4wYwUUDxQUQ=;
        b=p6x9ron6qHb2KXTz/zloyKHYGvWN0llfLDKszwpjcj8+9bzacG2EkNecVf5UUbAyeA
         s0BcEQPwSNCkk0WYo3YNDJII8mQhIuYnZNDspdMiiKgCuQI7JZs0kV9JAZHZAJs2ZqOp
         59BoVp7I9qQf08A7GLHMPliQt5jm/Zh3ynvI/axGQI2S4eNh4AlevTCg06SHYc+K/a1/
         Wr6qykzqqIESwpKRJfEtu9fMMaUIhnBPsku1Gni3tco+JD4NeCtNtHwilzmlaTDYXlDc
         wCeywdFsjRE4NnNXkHB8qXwii566oGz6ex7/DVmzAfQbNWGylsBEvpTmuQ48xg64fx5X
         h6KQ==
X-Gm-Message-State: AIVw110p6ZL+jK1BRjmHXgde7RWFZT8pPQ0gy/yQk9QhQWtnDGZ3uJaU
	hkC8sdzC7iDUJ3vz4u7WN0wN7qx+Q6dk
X-Received: by 10.202.82.200 with SMTP id g191mr137359oib.199.1500572090529;
 Thu, 20 Jul 2017 10:34:50 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.74.28.5 with HTTP; Thu, 20 Jul 2017 10:34:09 -0700 (PDT)
In-Reply-To: <B9DD1E6D-2370-4407-A40B-1BB6F67FA72D@koalephant.com>
References: <CA+aNembkpeU+vTX0dr1r_NuPZkKu4Da2rMTbS3RWk2eSacF_KA@mail.gmail.com>
 <CAESVnVrCndhLSuxZzNp5xqQLp8SC0wGSDAq8cjH+fRew-cCf1g@mail.gmail.com>
 <CANUQDCjB9UY8jTmmp43bQAW_9xJnoMbREN1zOQh1LubTfO4C-w@mail.gmail.com>
 <CACXBjuiL_=-qy53BWbB31_t_XJXqBguwVToS9bV=2K2np+zaRA@mail.gmail.com> <B9DD1E6D-2370-4407-A40B-1BB6F67FA72D@koalephant.com>
Date: Thu, 20 Jul 2017 13:34:09 -0400
Message-ID: <CACXBjuh_mpQouPMSFra4t3p_3LaiDCtb6FTiBoq3AF9qONofQQ@mail.gmail.com>
To: Stephen Reay <php-lists@koalephant.com>
Cc: Niklas Keller <me@kelunik.com>, Sara Golemon <pollita@php.net>, 
	Mathias Grimm <mathiasgrimm@gmail.com>, 
	"internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="001a113b04686a9b8c0554c32a2f"
Subject: Re: [PHP-DEV] php.net website
From: rasmus@lerdorf.com (Rasmus Lerdorf)

--001a113b04686a9b8c0554c32a2f
Content-Type: text/plain; charset="UTF-8"

On Wed, Jul 19, 2017 at 11:59 PM, Stephen Reay <php-lists@koalephant.com>
wrote:
>
> Does it need to be geo-dns, or could it instead be "geo-http" - a small
> number of servers responding to (www.)?php.net, which then respond with
> http redirects based on client ip. This is similar to how Debians "new"
> mirror service works for apt repos.
>
>
> I know it would be very nice to have the URLs stay as php.net (no CCn.
> Prefix) but anything else simple is going to involve tls certs for the base
> domain on servers the project doesn't control.
>
> The only other option I can see, would be to use "keyless" tls. It's
> described pretty well by CF here: https://www.cloudflare.
> com/ssl/keyless-ssl/
>
> Unfortunately I don't know that cf have open sourced their nginx&openssl
> patches to make them talk to a remote key server.
>

I did look at the stuff from Cloudflare last year, but at the time they
hadn't opened enough of it to implement.

And it is really nice to have www.php.net be fast and low-latency from all
over the world. Even the initial request. We are quite spoiled in Europe
and North America with our fast peering. But in many other parts of the
world, even if the local connection is fast, getting to a server in
N.America is quite slow. but yes, eventually we may have to give up on
geo-dns if we can't find a decent way to layer https on top of it.

-Rasmus

--001a113b04686a9b8c0554c32a2f--