Impacts of Encryption Everywhere (any solution?)

Andrey Khomyakov khomyakov.andrey at gmail.com
Mon May 28 14:50:01 UTC 2018


That is super interesting. While one can Internet fine at 5Mbps (save for
streaming UHD movies maybe), I am not convinced 1Mbps can be successfully
shared even if there was no encryption anywhere.
My understanding is that some enterprises do decrypt traffic in flight with
proxies such as bluecoat, though I'm not sure on the particulars of how
that works. I think the overall theory is that the proxy acts as a trusted
CA for all its clients and generates the certificate for the destination
hostname on the fly, thus terminating the SSL connection and opening a new one
on behalf of the client. I do, however, recall that the solution is not
cheap. Neither $ nor computationally or, I'm guessing, in the case of a village
if they can't get anything faster than 1Mbps, can they even get power to
run a couple (does the proxy uptime matter?) of proxies of heavy compute?

Another concern would be that caching implies the whole village visits the
same content. I'm not even confident my wife and I visit the same content
(save for gmail maybe).

And lastly, most modern websites are very media rich. Unless the whole
village confines their usage to wikipedia.org, I can't imagine that the
experience will be pleasant in any way or form or there will be any benefit
to caching.

Save for the SSL proxy mentioned above, I have seen folks pull several
crappy DSL connections (Let's say ~1Mbps each) and band them together. If
the provider supports the bonding option, great! If not, I've seen folks
basically per flow load balance across the 4 connections.

-Andrey



On Mon, May 28, 2018 at 4:23 PM, Mike Hammett <nanog at ics-il.net> wrote:

> Has anyone outside of tech media, Silicon Valley or academia (all places
> wildly out of touch with the real world) put much thought into the impacts
> of encryption everywhere? So often we hear about how we need the best
> modern encryption on all forms of communication because of whatever scary
> thing is trendy this week (Russia, NSA, Google, whatever). HTTPS your
> marketing information and generic education pieces because of the boogeyman!
>
> However, I recently came across a thread where someone was exploring
> getting a one megabit connection into their village and sharing it among
> many. The crowd I referenced earlier also believes you can't Internet under
> 100 megabit/s per home.
>
> Apparently, the current best Internet the residents of the village can get
> is 40 kilobit/s. Zero oversubscription gets a better service to up to 25
> homes. Likely that could be stretched to at least 50 or 100 homes and be
> better than what they currently have. Forget about streaming video, let's
> just focus on web browsing and messaging.
>
> However, this could be wildly improved with caching ala squid or something
> similar. The problem is that encrypted content is difficult to impossible
> for your average Joe to cache. The rewards for implementing caching are
> greatly mitigated and people like this must suffer a worse Internet
> experience because of some ideological high horse in a far-off land.
>
> Some things certainly do need to be encrypted, but encrypting everything
> means people with limited Internet access get worse performance OR
> mechanisms have to be put in place to break ALL encryption, thus
> compromising security and privacy when it's really needed.
>
> To circle back to being somewhat on-topic, what mechanisms are available
> to maximize the amount of traffic someone in this situation could cache?
> The performance of third-world Internet depends on you.
>
>
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
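
The trust relationship behind the intercepting proxy described in the reply above, as an added example that is not part of either original message: a private CA mints a certificate for the requested hostname, and only a client whose trust store contains that CA accepts it. The CA names and the hostname are constructed, and the openssl CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example. CA names and hostname are constructed; needs the openssl CLI.
set -eu

# mint_and_verify HOST: mint a leaf for HOST under a private "proxy" CA, then
# verify it against a trust store with that CA and one without it.
mint_and_verify() {
    host=$1
    dir=$(mktemp -d)
    # Two self-signed roots: the proxy's CA, and an unrelated CA standing in
    # for the trust store of a client that never had the proxy CA installed.
    for ca in proxy other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Example $ca CA" \
            -keyout "$dir/$ca.key" -out "$dir/$ca.pem" 2>/dev/null
    done
    # Leaf key and CSR for the hostname the client asked for.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    # The proxy CA signs it, with the hostname in subjectAltName.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/ext.cnf"
    openssl x509 -req -in "$dir/leaf.csr" -days 1 \
        -CA "$dir/proxy.pem" -CAkey "$dir/proxy.key" -CAcreateserial \
        -extfile "$dir/ext.cnf" -out "$dir/leaf.pem" 2>/dev/null
    with=no
    without=no
    openssl verify -CAfile "$dir/proxy.pem" -verify_hostname "$host" \
        "$dir/leaf.pem" >/dev/null 2>&1 && with=yes
    openssl verify -CAfile "$dir/other.pem" -verify_hostname "$host" \
        "$dir/leaf.pem" >/dev/null 2>&1 && without=yes
    rm -rf "$dir"
    echo "with-proxy-ca=$with without-proxy-ca=$without"
}

mint_and_verify www.example.org
```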


