Re: Draft finding - "Transitioning the Web to HTTPS"

On Fri, Jan 9, 2015 at 5:17 PM, Noah Mendelsohn <nrm@arcanedomain.com> wrote:
> I'm struck that much of the discussion is about the Web as it is today in
> 2015. Just 10 or 15 years ago, the ration of costs of long haul to local
> networks was such that many organizations (e.g. my employer at the time,
> IBM) ran proxies near the corporate/public Internet boundary, and perhaps
> elsewhere internally also. In many parts of the world that cost ratio has
> changed such that proxies are less important, and we are engaged in a debate
> as to whether they need no longer be well supported by the Web architecture.
> Question: what is our level of confidence that in future years technology
> changes won't alter the cost ratios to make proxies desirable once again?

Pervasive low-bandwidth and power/CPU constrained edge networks are
going to become very common. Smarter hub nodes with
minimal/intermittent uplink could profitably serve signed/hashed
resources in a proxy context for use cases where confidentiality is
not necessary and direct HTTPS authority is too heavy.

Is the Web going to be part of the "Internet of Things"?

> Some of the choices we make here affect how things are named, as well as the
> protocols by which they are accessed. If we recommend that most or all
> resources be named with https-scheme names, then it becomes much harder to
> re-enable proxying should that later become desirable.
>
> Whatever the final answer we choose, I we should remember that changes
> affecting the naming of resources have effects over decades, not just years.
> They are in that sense very hard to undo. Overall, we should have high
> confidence that the choices we make now are good gambles for well into the
> 21st century, not just for 2015-2020.
>
> Noah
>
>
>

Received on Friday, 9 January 2015 17:38:24 UTC