Re: Draft finding - "Transitioning the Web to HTTPS"

I'm struck that much of the discussion is about the Web as it is today in 
2015. Just 10 or 15 years ago, the ration of costs of long haul to local 
networks was such that many organizations (e.g. my employer at the time, 
IBM) ran proxies near the corporate/public Internet boundary, and perhaps 
elsewhere internally also. In many parts of the world that cost ratio has 
changed such that proxies are less important, and we are engaged in a 
debate as to whether they need no longer be well supported by the Web 
architecture. Question: what is our level of confidence that in future 
years technology changes won't alter the cost ratios to make proxies 
desirable once again?

Some of the choices we make here affect how things are named, as well as 
the protocols by which they are accessed. If we recommend that most or all 
resources be named with https-scheme names, then it becomes much harder to 
re-enable proxying should that later become desirable.

Whatever the final answer we choose, I we should remember that changes 
affecting the naming of resources have effects over decades, not just 
years. They are in that sense very hard to undo. Overall, we should have 
high confidence that the choices we make now are good gambles for well into 
the 21st century, not just for 2015-2020.


Received on Friday, 9 January 2015 17:17:30 UTC