Re: The ability to automatically upgrade a reference to HTTPS from HTTP

On Aug 23, 2014 12:33 AM, "Noah Mendelsohn" <nrm@arcanedomain.com> wrote:
>
>
>
> On 8/22/2014 1:00 PM, Tim Berners-Lee wrote:
>>
>> There is a massive and reasonable push to get everything from HTTP space
into HTTPS.
>
>
> How concerned should we be about reductions in the effectiveness of the
Web's caching infrastructure when this happens? I really am not up on the
numbers these days, and I wouldn't be surprised if the growth of network
bandwidth and computing power makes that less of an issue that it would
have been years ago. Still, I'd be curious to know whether we have
quantitative information about the likely impact.

If search engines answered the question "are the contents of http:foo and
https:foo different", we could evaluate the impact of having one fill the
cache for the other. I note that Firefox already does that implicitly in
that entering http:foo in the location bar after you've already visited
https:foo will lavishly redirect you to https:foo. (I in fact find this a
bit irksome as I frequently want to copy http: links out of the referenced
page.)

Sites could advertise whether http:foo and https:foo were *different* by
adding a Vary: header for an implied header like Is-SSL:. Of course this
opt-in approach won't address conventional sites which already
differentiate http:foo and https:foo. An explicit header like
Is-Identical-In-HTTP-And-HTTPS: header would be safer, but wouldn't
leverage the existing Vary: infrastructure.

Do we have any agents at search engines who can assess the impact of Tim's
proposal and say whether more conservative measures are required (on the
part of the web they can see)?

> Noah
>

Received on Saturday, 23 August 2014 03:03:17 UTC