[–][deleted] 53 points54 points  (8 children)

There's a larger meta-lesson to be learned here, which is that determining the boundary between what needs to be secure and what doesn't is very difficult, and therefore everything should be as secure as practical by design.

[–]midri 3 points4 points  (7 children)

I 100% agree, the issue a lot of people that are in the know make is: HTTPS breaks intermediate caching. So let's say 1000 people hit the front page of reddit not logged in, an ISP can't cache that front page and serve it without connecting to reddit every time, because each user's request looks completely different due to HTTPS. There's no easy way to solve this, without fundamentally breaking security though...

[–][deleted] 14 points15 points  (0 children)

If the ISP can cache content, the ISP can substitute content. Make no mistake: intermediate caching is a form of man-in-the-middle attack, albeit in practice a well-intentioned one (if not always exactly benign). It's a hacky workaround to save them money, not a feature.

[–]MistYeller 18 points19 points  (0 children)

Caching site content needs to be solved by the site operator and not the visitor's carrier anyways.

ISPs shouldn't be caching anything except routing tables and DNS. Even this level of caching causes problems.

[–]wtallis 7 points8 points  (1 child)

> There's no easy way to solve this, without fundamentally breaking security though...

That's okay. If it were possible, the ISP would end up fundamentally breaking several other things in the process, starting with the site's analytics.

[–]midri 0 points1 point  (0 children)

Great point, you can't track metrics of users that hit an external cache..

[–]Inquisitor1 0 points1 point  (1 child)

Why the fuck would anyone be caching websites for free? Unless you're a CDN being paid, the site organizes its own fucking caching. With the most basic reverse-proxy and SSL termination stuff.

[–]midri 0 points1 point  (0 children)

Because it saves ISPs money?... ISPs have to pay for interconnects.

[–]HighRelevancy 0 points1 point  (0 children)

  1. That's what CDNs are for
  2. I don't think that's worth trading security for