Just an interesting observation I had about this once when I noticed that kernel quic implementations weren&#x27;t very fast.KTLS is mostly useful if paired with sendfile (I&#x27;m ignoring io_uring because I&#x27;m not as up to date on that). Otherwise you have to context switch back to userspace constantly.

To prevent a browser mixed content warning maybe (I didn&#x27;t attend the presentation: <a href="https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=WzfADu1qyAM" rel="nofollow">https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=WzfADu1qyAM</a>). Apparently 15% of Netflix viewing happens in browsers.Inside an Apple TV app, the default requires TLS 1.2 or later and while exceptions are apparently allowed (including for media streaming) they are discouraged and require a justification for App Store review: <a href="https:&#x2F;&#x2F;developer.apple.com&#x2F;documentation&#x2F;security&#x2F;preventing-insecure-network-connections" rel="nofollow">https:&#x2F;&#x2F;developer.apple.com&#x2F;documentation&#x2F;security&#x2F;preventin...</a>

wait till you hear about what smart tvs do..

Stops Comcast from seeing the metadata and knowing exactly what their mutual customers are streaming.

It seems like it took engineering work, but TLS isn&#x27;t their bottleneck when the data flow is structured correctly for the hardware (which is kind of the thesis of a lot of the Netflix CDN node optimization stuff).

Assuming the files are encrypted anyway for DRM reasons: why should static content like movies be TLSed? I know I know, &quot;TLS all the things&quot;, but it sounds like a high cost at Netflix scale.

Serving Netflix Video Traffic at 400Gb/S and Beyond (2022) [pdf]