HTTPS-everywhere vs. proxy caching

Richard Barnes rlb at ipv.sx
Fri May 3 19:58:00 UTC 2013


On Fri, May 3, 2013 at 3:33 PM, Wes Felter <wmf at felter.org> wrote:

> On 5/3/13 2:06 PM, Jay Ashworth wrote:
>
>> It occurs to me that I don't believe I've seen any discussion of the
>> Unexpected Consequence of pervasive HTTPS replacing HTTP for unauthenticated
>> sessions, like non-logged-in users browsing sites like Wikipedia.
>>
>> That traffic's not cacheable, is it?
>>
>
> This has been discussed over the last year in the IETF HTTP WG in the
> context of SPDY and HTTP 2.0. Today this traffic is not cacheable. Some
> people are proposing to have a mode that is end-to-end secure and shows the
> lock icon in the browser and a different mode that uses SSL to the cache
> and SSL from the cache to the origin and doesn't show a lock.
> For networks that have traffic inspection "requirements" (e.g.
> education/enterprise) there has also been discussion about a signaling
> protocol for the network to indicate to browsers that all non-proxied
> traffic will be dropped. Transparent proxies are evil and one of the goals
> of HTTP 2.0 is to make proxies visible to the browser/user so they can
> choose whether to consent to having their traffic proxied.
>
> --
> Wes Felter
>

Thanks for the summary, Wes.

If operators have thoughts on this issue, there is still discussion going
on about HTTP/2.0.  As Wes notes, HTTP/2.0 is going to have a strong
emphasis on TLS, as with SPDY.  Please send comments to the WG mailing
list:
<http://tools.ietf.org/wg/httpbis>
<http://lists.w3.org/Archives/Public/ietf-http-wg/>

Cheers,
--Richard



More information about the NANOG mailing list