W3C home > Mailing lists > Public > www-tag@w3.org > December 2014

Re: Fwd (TAG): Draft finding - "Transitioning the Web to HTTPS"

From: Eric J. Bowman <eric@bisonsystems.net>
Date: Fri, 19 Dec 2014 14:25:00 -0700
To: David Singer <singer@apple.com>
Cc: TAG List <www-tag@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-Id: <20141219142500.44e7485b5f30377e42641e5f@bisonsystems.net>
David Singer wrote:
> As I think many fear that if they go to HTTPS their users’ perceived
> performance will go to hell.  Since we have a CDN employee on the
> Tag, I expect that they can say more :-)

If perceived performance doesn't go all to hell today, I fear it will
when Net Neutrality is abolished. For now, despite Henri's data, I'm
still getting a benefit from architecting sites for shared caching (and
not needing to sign anyone's TOS to utilize that infrastructure, free
scaling and bandwidth reduction have their upsides).

What I worry about, is if that caching infrastructure is de-installed
due to non-use; then Net Neutrality goes away, and my only recourse to
keep latency down is paying for CDN service (or signing away my first-
born child), because public shared caching is simply no longer done.
Would we then look to bring it back, because it turns out REST is still
valid, particularly for the "slow lane"?

It would be a shame if those of us without big bandwidth budgets, have
to forego the scaling and latency benefits of shared public caching,
just when it's needed the most (to compete without paying for the "fast
lane" by having our websites retained by caches at the network "edges"
without paying for CDN, surely free providers would also be slow-lane);

I see my costs rising when the "fast lane" becomes a reality, if
there's no longer a public-shared-caching infrastructure on the Web.

> 4) A discussion of the point from web-sites “look, all my content is
> public, I have nothing to hide and hence nothing to secure” maybe
> needs addressing?  (“You may not, but you are exposing your
> customers/visitors by insisting on plain HTTP.”)

Yes. I don't use cookies, so I don't understand what I'm exposing
visitors to by stubbornly insisting on HTTP. My site visitors seem to
be at greater risk by using their CC's at Sony or Target or...

Received on Friday, 19 December 2014 21:25:42 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:08 UTC