howardjohn / blog-comments


posts/proxy-layers/ #8

Open utterances-bot opened 1 year ago

utterances-bot commented 1 year ago

Proxy Layers | howardjohn's blog

The OSI model attempts to build a model for network communications, where increasingly high level layers are built upon lower layers. This is only slightly useful in practice, as the real world is not so simple. In service mesh, generally discussion is reduced to L4 and L7, or TCP and HTTP. This oversimplifies the problem, leading to some confusion.

Thinking in terms of termination

Simply saying "HTTP" is not really clear about what is going on.

https://blog.howardjohn.info/posts/proxy-layers/

costinm commented 1 year ago

It's a bit more complicated - encryption can be done below L3 (IPsec, WireGuard) or at L7 for https - TLS may seem to be a TCP thing, but the real important feature is identity verification which is L7. Without the SAN and domain cert - https would be broken, and that's from the HTTP request.

The good news is that a lot of libraries and apps - and almost all new protocols - have proper TLS and security built-in.