
Re: Draft finding - "Transitioning the Web to HTTPS"

From: Henri Sivonen <hsivonen@hsivonen.fi>
Date: Fri, 9 Jan 2015 18:42:34 +0200
Message-ID: <CAJQvAucau=ciro9=4VGAxRT-Mc-9=9BO=+DD5fduFOvVOU0aWA@mail.gmail.com>
To: Tim Berners-Lee <timbl@w3.org>
Cc: Public TAG List <www-tag@w3.org>

Tim Berners-Lee <timbl@w3.org> wrote:
>> Thank you for bringing this up.
>> It seems to me that there is a pattern that people find the theory of
>> forward proxies architecturally appealing and then try to find use
>> cases that fit the architecture.
> I don't see a pattern.
>> The previous hobbyhorse of this kind
>> was "transcoding proxies". No one had really seen one (*reverse*
>> proxies and origin servers don't count) or had a personal need for one
>> but they were believed to exist Over There in Russia and it was
>> supposedly important to design protocols and formats to cater to them
>> (even though the more reasonable protocol design choice was for
>> everyone to use UTF-8 and not transcode anything--and even failing
>> that, browsers have built-in support for a whole bunch of Cyrillic
>> legacy encodings, so there is no need for intermediaries to transcode
>> anyway). People making this argument weren't themselves from Russia,
>> of course. Hence, "Over There".
>> It seems that Africa has taken Russia's place as Over There where
>> theoretical use cases for the pre-supposed proxy architecture might
>> lurk.
> But do you have any more basis for your beliefs than they do for theirs?

The question "Can the Web work well without forward proxies?" is a
question that can be answered with "Yes" by showing one place where
the Web works quite well without forward proxies. However, the
question "Does there exist an environment where forward proxies are a
necessary condition for the Web to work well?" is a question that
can't be answered with "No" by showing a finite number of examples.

So I need to recognize that "they" have a position that can't be
shown wrong by example. That doesn't by itself mean "their" position
has to be bogus, but it does follow that it's reasonable not to
believe "their" position based on not 100% proof but on weighing
evidence or the relative lack thereof.

Also, it's worth noting that it's not necessary to establish belief in
the absolute absence of circumstances where a forward proxy might be
worthwhile. It's enough to establish a belief that such circumstances
are enough of a fringe case not to be worth designing for.

I have personally witnessed that the Web can work quite well without
forward proxies--it works well (both in wired and mobile forms)
without forward proxies where I live. Now, where I live doesn't fit
the expected circumstances where a proxy might be useful. A proxy
might be useful when the link from the ISP to the Internet backbone is
narrow, and even in the 90s when ISPs over here offered forward
proxies as an optional service, they didn't make sense because the
bottleneck was between the user and the ISP rather than the ISP and
the backbone so the proxy was on the wrong side of the bottleneck.

And it's not just where I live: There are plenty of other places that
are similar. So much so that in a discussion like this, participants
typically can't point to where they live as evidence of the necessity
of forward proxies but appeal to some "over there".

But where, in the mailing list discussions, are the people who do live
in a place that's remote such that the bottleneck is between the ISP
and the backbone? If there's a link to the backbone at all, email
works, so the circumstances don't technically rule out participation
in discussions like this one.

One has to wonder: If people in these discussions typically can't
point to their own environment to show concrete examples of the
necessity of forward proxies, why is that? If there are people using
the Web in environments where forward proxies are a true necessity,
why don't those people show up in these discussions to speak for
themselves? So instead of theorizing about proxies, we tend to get
second-order theorizing about why with this network that allows anyone
from anywhere to post, people who supposedly have the use case don't
show up and post first-hand to remind us how important it is.

In particular, even if one theorized some strong systemic bias that
caused people who live in places that are remote (relative to the
Internet backbone) not to hang out on mailing lists such as this one,
if a large enough population of people that it's worthwhile to design
Web architecture for (no, I'm not going to state a minimum number of
people with a use case to make it worthwhile to design for) lives in
such circumstances, even if the systemic bias against showing up to
tell the story was strong, one would expect *someone* to show up
*every once in a while*. To explain the stark rarity of first-hand
witness testimony, one would have to postulate a *devastatingly*
strong bias against participation in discussions such as this one
going hand in hand with being remote from the Internet backbone.
(Surely someone has to be running the ISPs and one would think whoever
is running the ISPs would want to make their needs known.)

So the basis I have is that my belief of forward proxies being (with
enough precision needed to have an opinion of what should be designed
for) in the YAGNI category is supported by the preponderance of people
who show up to discuss the matter not personally needing a forward
proxy while it's remarkably rare for the opposite belief to be
supported by first-hand testimony of someone for whom forward proxies
are essential.

> As it happens I just talked to someone who runs a small remote
> island with about 400 people.

I realize that your source may have a privacy interest in having the
island go unnamed, but this kind of framing leads to unverifiable

> I didn't ask but he brought it up of his own accord, that with
> everyone on wifi and a (17Mb/s ?17MB/s ? he wasn't sure) link
> supporting everyone, he had been recommended and was planning
> to install a commercial island-wide web proxy cache product,
> as he felt a lot of people watched the same movies.

It's worth noting that this isn't evidence of forward proxies actually
conferring the benefits they are theorized to confer. In this case, it
has merely been suggested that they might work in this case assuming
that the guess that people watch the same movies is correct enough and
the bits for those movies don't fail to be cacheable in a useful way
(even for reasons unrelated to https).

It would be very interesting to hear back if installing an island-wide
proxy ends up making a useful difference.

But even if this case turned into existence proof of the forward proxy
use case being real, I'd still (similar to Harry) make the value
judgment of prioritizing lesser surveillability of basically everyone
who has access to the Web over better movie access for the special
case of a very small number of people on an island. (Of course, easy
for me to say, since I don't live on the island.)

Henri Sivonen
Received on Friday, 9 January 2015 16:43:04 UTC
