Impacts of Encryption Everywhere (any solution?)

• Previous message (by thread): Impacts of Encryption Everywhere (any solution?)
• Next message (by thread): Impacts of Encryption Everywhere (any solution?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The increase in the subscriber base increases the likelihood of visiting the same content and thus the benefit. 

Before HTTPS-everywhere, caching was hugely beneficial. 

Currently they are making do with 40 kilobit/s, so it's certainly possible to Internet at that level. Just looking at ways the service can be even that much better. 

If they only have single digit megabit/s of Internet, you don't need multiple systems to add\drop the encryption. While I don't have anything to back this up, I'd suspect a couple hundred dollar single board computer (since session border controller seems to be a more popular use of the acronym SBC) would be sufficient. I'm not overly intimate with that space, but some little ARM-based machine could probably do it just fine. Move that to hundreds of megabit/s or gigabit/s and your concern is certainly much more relevant. 





----- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

----- Original Message -----

From: "Andrey Khomyakov" <khomyakov.andrey at gmail.com> 
To: "Mike Hammett" <nanog at ics-il.net> 
Cc: "NANOG list" <nanog at nanog.org> 
Sent: Monday, May 28, 2018 9:50:01 AM 
Subject: Re: Impacts of Encryption Everywhere (any solution?) 


That is super interesting. While one can Internet fine at 5Mbps (save for streaming UHD movies maybe), I am not convinced 1Mbps can be successfully shared even if there was no encryption anywhere. 
My understanding is that some enterprises do decrypt traffic in flight with proxies such as bluecoat, though I'm not sure on the particulars of how that works. I think the overall theory is that the proxy acts as a trusted CA for all its client and generates the certificate for the destination hostname on the fly thus terminating the SSL connection and opening new one on behalf of the client. I do, however, recall that the solution is not cheap. Neither $ nor computationally or, I'm guessing, in case of a village if they can't get anything faster than 1Mbps, can they even get power to run a couple (does the proxy uptime matter?) of proxies of heavy compute? 


Another concern would be that caching implies the whole village visits the same content. I'm not even confident me and wife visit the same content (save for gmail maybe). 


And lastly, most modern websites are very media rich. Unless the whole village confines their usage to wikipedia.org , I can't imagine that the experience will be pleasant in anyway or form or there will be any benefit to caching. 


Save for the SSL proxy mentioned above, I have seen folks pull several crappy DLS connections (Let's say ~1Mbps each) and band them together. If the provider support the bonding option, great! If not, I've seen folks basically per flow load balance across the 4 connections. 


-Andrey 





--Andrey 

On Mon, May 28, 2018 at 4:23 PM, Mike Hammett < nanog at ics-il.net > wrote: 


Has anyone outside of tech media, Silicon Valley or academia (all places wildly out of touch with the real world) put much thought into the impacts of encryption everywhere? So often we hear about how we need the best modern encryption on all forms of communication because of whatever scary thing is trendy this week (Russia, NSA, Google, whatever). HTTPS your marketing information and generic education pieces because of the boogeyman! 

However, I recently came across a thread where someone was exploring getting a one megabit connection into their village and sharing it among many. The crowd I referenced earlier also believes you can't Internet under 100 megabit/s per home. 

Apparently, the current best Internet the residents of the village can get is 40 kilobit/s. Zero oversubscription gets a better service to up to 25 homes. Likely that could be stretched to at least 50 or 100 homes and be better than what they currently have. Forget about streaming video, let's just focus on web browsing and messaging. 

However, this could be wildly improved with caching ala squid or something similar. The problem is that encrypted content is difficult to impossible for your average Joe to cache. The rewards for implementing caching are greatly mitigated and people like this must suffer a worse Internet experience because of some ideological high horse in a far-off land. 

Some things certainly do need to be encrypted, but encrypting everything means people with limited Internet access get worse performance OR mechanisms have to be out in place to break ALL encryption, this compromising security and privacy when it's really needed. 

To circle back to being somewhat on-topic, what mechanisms are available to maximize the amount of traffic someone in this situation could cache? The performance of third-world Internet depends on you. 



----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

• Previous message (by thread): Impacts of Encryption Everywhere (any solution?)
• Next message (by thread): Impacts of Encryption Everywhere (any solution?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]