Re: Backwards compatibility from Adrien W. de Croy on 2012-04-04 (ietf-http-wg@w3.org from April to June 2012)

From: Adrien W. de Croy <adrien@qbik.com>
Date: Wed, 04 Apr 2012 09:25:41 +0000
To: "Roberto Peon" <grmocg@gmail.com>, "Amos Jeffries" <squid3@treenet.co.nz>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <em93654f41-92c1-4537-98f0-ffd41b619040@boist>

  

Do Google (or anyone else) have any good stats on:
  
a) how many websites there are
b) on how many servers/IPs
c) how many are currently using SSL
  
Just so we can maybe start to get a feel for what the increase in 
burden would be on the cert validation infrastructure...
  
Adrien
  

------ Original Message ------
From: "Roberto Peon" <grmocg@gmail.com>
To: "Amos Jeffries" <squid3@treenet.co.nz>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Sent: 3/04/2012 7:13:34 p.m.
Subject: Re: Backwards compatibility
>
>
>On Mon, Apr 2, 2012 at 7:28 PM, Amos Jeffries <squid3@treenet.co.nz> wrote:
> On 03.04.2012 09:32, Roberto Peon wrote:
>  On Mon, Apr 2, 2012 at 10:56 AM, Peter Lepeska wrote:
>  
>   Big bites do seem to go down easier than lots of little ones. The 
>   problem
>   is that SPDY is eating *two* shit sandwiches, trying to make the 
>   web  
>   both fast and secure, at the same time. This bite is more than most 
>   can
>   chew and so adoption will be much slower b/c of the SSL 
>   requirement, in my
>   opinion.
   
   
   Really? I'd say it was two delicious ingredients, personally. I also 
   think
   that assuming that deployment is greatly suffering is not validated 
   by
   real-world experience.
   
  
  in the past few months there has been a noticeable increase in 
  queries about:
  * how to decrypt CONNECT tunnels to port 443
  * how to implement MITM of port 443 for filtering
 
 The former of these has nothing to do with current SPDY deployments.
 The latter could, but is likely for significantly more than just SPDY.
  
  
  followed shortly after by:
  * how to force port-443 traffic through the proxy without breaking 
  non-HTTPS traffic on that port
  * how to decrypt CONNECT traffic without breaking VoIP tunnels and 
  other non-HTTPS CONNECT traffic
  * how to force https:// to http:// by the browser, then reverse it at 
  the proxy outgoing to https://
  * how to force http:// to https:// by the browser, then reverse it at 
  a proxy outgoing to http:// again
  
  then more recently these have started coming in:
  * why some recent browsers are doing things without being logged by 
  proxy monitors (use of SPDY/WebSockets connections?)
  
  Now you tell us there is no suffering...
 
 None of these requests is SPDY specific. All of them could be 
 correlated with various sites switching to actually using HTTPS 
 traffic.
 
 I said that it doesn't appear to be hampering deployment.
 
 -=R
  
  
  AYJ

Received on Wednesday, 4 April 2012 09:26:00 UTC