- From: Yves Lafon <ylafon@w3.org>
- Date: Thu, 8 Jan 2015 15:22:16 -0500 (EST)
- To: "Eric J. Bowman" <eric@bisonsystems.net>
- cc: Martin Thomson <martin.thomson@gmail.com>, Tim Berners-Lee <timbl@w3.org>, Henri Sivonen <hsivonen@hsivonen.fi>, Public TAG List <www-tag@w3.org>
On Tue, 6 Jan 2015, Eric J. Bowman wrote: > Martin Thomson wrote: >> >> Tim Berners-Lee wrote >> >>> If the videos are all https: then he won't be able to cache them, >>> except -- not to worry, the tools he buys will probably include >>> MITM attack tools, so in fact he *will* be able to cache things >>> after all. >> >> I think that it's a little sad that this is the only response we have >> to this situation. Of course we can break the encryption. It does >> instantly restore function to our existing toolchain. >> >> Or, we could apply ourselves to the problem and then maybe we can have >> both security AND caching. >> >> Jus' sayin'. >> > > +1 > > My point entirely. Eliminating caching in the name of security, > particularly if the result isn't secure, amounts to throwing the baby > out with the bathwater. It's a cop-out by the very insitutions folks > rely on to solve problems, not come up with cop-outs, regardless of how > marketable such cop-outs are to the gullible. It depends what "security" means here. Pervasive monitoring (aka sniffing), that should be resolved on a hop-by-hop encryption, or MiTM that requires end-to-end encryption. Having both hop-by-hop and end-to-end would have been nice, but as a word of caution, compression of payload body in HTTP could be done using Transfer-Encoding or Content-Encoding. Almost no UA implemented TE:, almost no servers implemented Transfer-Encoding apart from chunking. What is widely used is Content-Encoding, and not without bugs (like issues with ETag handling), so like for https, the end-to-end version wins as it is easier to deploy/debug/control. And saying that the only solution for people with poor bandwidth is to get rid of their security is not really satisfying. -- Baroula que barouleras, au tiéu toujou t'entourneras. ~~Yves
Received on Thursday, 8 January 2015 20:22:19 UTC