On Fri, May 1, 2015 at 1:25 AM, Richard Barnes <rbar...@mozilla.com> wrote: > 3. HTTP caching is an important feature for constrained networks.
I think it important to emphasize that the affected case is shared caching in the form of forward proxies. https doesn't prevent caching in the browser or caching on site-chosen caching nodes (CDNs). (I know you know this; this paragraph is for the mailing list.) Whether shared caching in forward proxies is indeed an important feature hasn't been properly shown in this thread. To bring a data point to the thread, data from the network of the University of Edinburgh (http://www.ltg.ed.ac.uk/~ht/HST_noREST.pdf ; skip forward to PDF page 14) indicates that even without the action proposed in this thread to deprecate insecure HTTP, the hit rate in the university's shared cache is already rather low and getting lower. Obviously, university networks in Europe don't count as constrained, but this is likely a best-case scenario of cache hits, since this is a network whose users one might imagine to have more of a common set of interests in their use of the network (due to being part of the same organization) than users who have no organizational commonality and only have locational commonality. I think without empirical evidence showing the *current* (as opposed to arguments from 20 years ago) importance of shared caching on the supposed "constrained networks"--i.e. empirical evidence showing that the shared cache hit rate is is a make-or-break deal for actual present-day networks where the bottleneck is between the ISP [the location of the shared cache] and the backbone and the bottleneck can't be fixed e.g. by lighting up more fiber--it doesn't make sense to put effort into building complications that seek to preserve shared caching in the encrypted future. > 5. It may be productive to take some interim steps, such as placing > limitations on cookies stored by non-HTTPS sites. Forgetting insecure cookies when quitting Firefox is now https://bugzilla.mozilla.org/show_bug.cgi?id=1160368 -- Henri Sivonen hsivo...@hsivonen.fi https://hsivonen.fi/ _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
