HTTPS-everywhere vs. proxy caching
Andrew Latham
lathama at gmail.com
Fri May 3 19:13:33 UTC 2013
On Fri, May 3, 2013 at 3:06 PM, Jay Ashworth <jra at baylink.com> wrote:
> It occurs to me that I don't believe I've seen any discussion of the
> Unexpected Consequence of pervasive HTTPS replacing HTTP for unauthenticated
> sessions, like non-logged-in users browsing sites like Wikipedia.
>
> That traffic's not cacheable, is it? Proxy caches on services like
> mobile 3/4G, or smaller ISPs, or larger corporations can't cache it, I
> wouldn't think, which means both that they will see traffic increases,
> and that the end sites will as well.
>
> Has this been discussed and I missed it? Do I improperly understand
> transparent caching? Or is this just a bomb waiting to go off?
>
> I assume that Wikipedia themselves are on top of the idea that their
> in-house reverse-proxies won't be carrying that traffic (though I don't
> actually know what their architecture looks like anymore), but..
>
> Cheers,
> -- jra
> --
> Jay R. Ashworth Baylink jra at baylink.com
> Designer The Things I Think RFC 2100
> Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
> St Petersburg FL USA #natog +1 727 647 1274
TLS/SSL can be applied at the loadbalancer/caching proxy for service
providers like Wikipedia. As you may already know products like
Apple's IPhone include CA that can allow groups like the DOD to do
chain-loading to allow their proxies to be MITM systems(super scary,
in more systems than the one mentioned.). Yes it is a bomb but only
from the ISP caching point of view, not the provider caching point of
view.
--
~ Andrew "lathama" Latham lathama at gmail.com http://lathama.net ~
More information about the NANOG
mailing list