Re: Draft finding - "Transitioning the Web to HTTPS" from Chris Palmer on 2015-01-05 (www-tag@w3.org from January 2015)

From: Chris Palmer <palmer@google.com>
Date: Mon, 5 Jan 2015 10:56:52 -0800
To: Tim Berners-Lee <timbl@w3.org>
Cc: Henri Sivonen <hsivonen@hsivonen.fi>, Public TAG List <www-tag@w3.org>
Message-ID: <CAOuvq20PC4tvnzzSvjJgSwWpYx984LJFXEBru4F5KdLk5_7mGA@mail.gmail.com>

On Mon, Jan 5, 2015 at 3:04 AM, Tim Berners-Lee <timbl@w3.org> wrote:

> As it happens I just talked to someone who runs a small remote island with
> about 400 people.
> I didn't ask but he brought it up of his own accord, that with everyone on
> wifi and a (17Mb/s ?17MB/s ? he wasn't sure) link supporting everyone, he
> had been recommended and was planning to install a commercial island-wide
> web proxy cache product, as he felt a lot of people watched the same movies.

In this specific case, I don't see a problem. He can say, on a web
page at https://small-island.org or in an email,

"""
Hello, my fellow Small Islanders. So, as you know, we have a
low-bandwidth link, and YouTube is getting slower now that our
transparent cacheing proxy doesn't work as much. So, I'm going to
install a non-transparent proxy that can proxy even the secure
connections to sites like YouTube.

In order for this to work, you'll have to explicitly set your browser
to use my proxy, and you'll have to add its security certificate to
your computer. The up-side of this is that you can get faster YouTube;
the down-side of this is that you have to trust me not to spy on you.

You might also like to install the proxy in 1 account or profile to
get the speed benefits, and not install it in another account or
profile to stay private. You could have a video profile and an email
and banking profile, for example. If there's enough interest in that,
I'll write up a tutorial.

To make it easier to install the proxy, I've written a small .BAT file
that automates setting the proxy and trusting the certificate. You can
get it at https://small-island.org/install-proxy.bat.

Let me know if you have any questions! Thanks,
--- Al, your Small Island tech support friend
"""

Obviously, the .BAT file should be distributed by secure means only. :)

People can make a choice. It will require Al to write or find a
script. A community of 400 people is small enough for this to be
manageable.

I'm approaching this problem in a utilitarian way: we need to make the
web as safe as we can as often as we can for as many of the billions
of people in the world as we can.  If 400 people have to consider
running a shell script so that being safer can be easier for the other
billions, that's an easy trade-off to make and this edge case should
not loom large in our minds.

Received on Monday, 5 January 2015 18:57:19 UTC