Re^3: SSL on PerlMonks

by perl-diddler (Hermit)
on Sep 15, 2017 at 23:16 UTC (#1199492)


in reply to Re^2: SSL on PerlMonks
in thread SSL on PerlMonks

Geez...that's more of an example of Google's "Let's be evil" new behavior than a case for using https:

I know that using https seriously impaired the caching on my home squid-cache. On https sites, the caching fell to zero on sites that used https to encrypt the setting.

It used to be that, depending on the site and site-type, I might get a 20-30% speed boost from my home cache, mostly in lowering numbers of requests for common items like icons, style sheets and pictures. On news sites, I saw as much as 30+%.

I've restored some or most of that by using an SSL-bump proxy to decrypt & store... visiting a few news sites & looking at my caching rates: 25% (396/1557) requests were served via local cache, with 21% (20MB/94MB) of the traffic-by-bytes. Since I don't have Gigabit fiber @ home, that saves a noticeable chunk of time.

My housemate noticed a major speed bump on YouTube -- relating to the previews -- before, about 20 seconds/page, after, less than 2-3 seconds/page -- related to the previews (and the way they paged forward & back amongst the static preview images).

One of the best example types which I've hit more than once is downloading large CD and/or DVD images from large SW vendors due to my max disk-cache object size being 2GB. One time I pulled down a 700+MB image from Microsoft -- *TWICE* -- having forgotten about the previous download -- nearly 2 months before. Couldn't figure out how I could download such a large file @ 200-300MB/s -- until I found it had been served from cache and I eventually found the previous place I downloaded it to.

My main gripe is that this appears to be more about tracking 'traffic' and 'hits' than about security, which is actually *lowered* with more proxy-using sites being forced to decrypt HTTPS because of the large number of sites switching to HTTPS. Before -- HTTPS represented "sensitive" sites -- financial and maybe medical, but now, it represents "casual reading" of news and social sites. To continue caching and work-place monitoring of http usage, decoding https seems like it's becoming a requirement. ;-(

Anyway, no preference, for me, which way this site goes given my proxy, but for those who don't have such -- probably no big deal on this site (given that it's mostly text) anyway...

Replies are listed 'Best First'.
Re^4: SSL on PerlMonks
by Your Mother (Chancellor) on Sep 26, 2017 at 22:04 UTC
    than about security, which is actually *lowered*

    WAT? So, using https is making the web less secure? Care to elaborate?

      Because there's an uptick in usage of proxies that play MitM in order to provide caching.

      Before, when it was only sensitive sites using https, caching ignored them, but with "everybody" doing it, it becomes imperative to add decoding to the proxy efficiencies.

      For my own proxy, I can put in exceptions for my bank or credit card and not lose much in security (only for sensitive sites I forget to exclude), but for larger proxies at companies and institutions, it's unlikely they'll bother to custom-add sensitive sites for all of their employees/users. They'll likely just rely on access control to the proxy machine -- which will be fine for most sites, but is less secure than if ssl traffic had remained "reserved" for sensitive sites.

      It's a classic example of "unintended consequences".

        This still strikes me as a highly subjective take. References? Citations? Statistics? Measurements?

        Because there's an uptick in usage of proxies that play MitM in order to provide caching.
        Maybe I'm misunderstanding something, but https is specifically designed to make this impossible, unless you diddle with the security settings in your browser. Is that what you are saying? That "companies and institutions" are installing diddled browsers on their employees' machines? Don't do personal web-browsing at work. Problem solved.
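
The per-site exceptions mentioned in the thread, sketched as a Squid configuration fragment. This is an added example, not any poster's actual configuration; it assumes Squid 3.5-style directives (the thread names no version), and the CA file path, ACL name and domain names are constructed placeholders.

```conf
# Added example (not from the thread). Assumes Squid 3.5-style syntax;
# option spellings differ between Squid versions.

# Interception port. The CA file below is a hypothetical path. Its private
# key can sign a certificate for any site the clients visit, so file
# permissions and access to the proxy host are the real trust boundary.
http_port 3128 ssl-bump \
    cert=/etc/squid/bump-ca.pem \
    generate-host-certificates=on \
    dynamic_cert_mem_cache_size=4MB

# Step 1 of the TLS handshake: only the client hello (with its SNI) is visible.
acl step1 at_step SslBump1

# Sensitive destinations that must never be decrypted (constructed names).
# Matching is done on the server name seen during the peek.
acl no_bump_sites ssl::server_name .bank.example .cardissuer.example

# Order matters: the first matching rule at each step wins.
ssl_bump peek step1              # read the SNI, change nothing
ssl_bump splice no_bump_sites    # pass through end-to-end, still encrypted
ssl_bump bump all                # everything else is decrypted and cacheable

# Failure mode described in the thread: this is a deny-list of what to
# leave alone, so any sensitive site missing from no_bump_sites falls
# through to "bump all" and is decrypted on the proxy.
```

Clients only accept the bumped connections if the proxy's CA certificate has been added to their trust store, which is why the exposure moves to whoever controls that CA key and the proxy machine.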
