[afnog] privacy vs caching
Alan Barrett
apb at cequrux.com
Mon Dec 22 09:31:33 UTC 2014
On Sun, 21 Dec 2014, Randy Bush wrote:
> caching is very difficult with end-to-end encryption as the
> cache does not have the private keys of the server. the ietf is
> in a bit of a muddle on this. should one allow middle-boxes to
> break the encryption and fake it?
I would be upset with a connectivity provider who broke
encryption, faked certificates or otherwise interfered with the
end to end model. I go so far as being upset with providers who
redirect TCP port 80 to a "transparent" proxy. If you have a
proxy, then I will be happy to configure it as an upstream for
my browser or for my own proxy, and I'll also be happy if you
announce it in DHCP or other configuration protocols, and I'll be
happy if my browser automatically uses your proxy (provided I can
control whether or not the autoconfiguration method is used), but
I won't be happy if my packet to TCP port 80 ends up going somewhere
other than the requested destination.
I would like content providers to give me the option of using HTTP
or HTTPS, so that I can make my own tradeoff between cacheability
and privacy. If they want me to view their ads, or contribute
to their page view counters, then I wish they could find a way
to do that by mixing cacheable and non-cacheable content in such
a way that the bulk of the expensive traffic is cacheable, but
they still get their hit counts and per-viewer customised ads via
non-cacheable wrapper pages.
I can imagine mechanisms to allow both caching and on-the-wire
encryption, but not end-to-end encryption. I'd be fine with them
too, for some types of content, and with appropriate notification.
> so which is more important to you and your customers (think
> consumers, banks, news sites, ...), end-to-end encryption to
> ensure privacy, or caching to reduce bandwidth consumption and
> improve latency?
For public content, let me make my own choice on a per-website
basis. For content that is customised for me, I prefer privacy to
cacheability.
--apb (Alan Barrett)
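The split the post asks content providers for (a non-cacheable, per-viewer wrapper page carrying the ads and hit counter, with the bulk assets marked cacheable so an ISP or campus proxy can serve them) is expressed entirely in HTTP response headers. The following is an added example, not code from the post or from any afnog participant: a simplified shared-cache storability check in the spirit of RFC 7234 section 3, run over a handful of constructed sample responses. The directive subset it handles (no-store, private, Vary: *, s-maxage, max-age, Expires, public, status codes cacheable by default) is an assumption of the example, not a complete implementation of the RFC.

```python
"""Simplified shared-cache storability check (after RFC 7234 section 3).

Added example, not from the original post. It models the split the post
describes, a non-cacheable per-viewer wrapper page plus cacheable bulk
assets, from the point of view of a shared (proxy) cache. The rule set
is deliberately reduced and is an assumption of this example.
"""
from __future__ import annotations

# Status codes a cache may store without explicit freshness (RFC 7231 6.1).
CACHEABLE_BY_DEFAULT = {200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501}


def parse_cache_control(value: str) -> dict[str, str | None]:
    """Parse a Cache-Control header into a lowercase directive map.

    'max-age=60, no-store' -> {'max-age': '60', 'no-store': None}
    """
    directives: dict[str, str | None] = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, sep, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') if sep else None
    return directives


def shared_cache_may_store(status: int, headers: dict[str, str]) -> tuple[bool, str]:
    """Return (storable, reason) as a shared cache such as an ISP proxy would.

    Simplified order of checks (constructed for this example):
      1. no-store or private  -> never stored by a shared cache
      2. Vary: *              -> effectively uncacheable
      3. explicit freshness   -> storable (s-maxage, max-age or Expires)
      4. public, or a status cacheable by default -> storable
      5. otherwise            -> not stored
    """
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc:
        return False, "no-store"
    if "private" in cc:
        return False, "private"
    if h.get("vary", "").strip() == "*":
        return False, "Vary: *"
    if "s-maxage" in cc or "max-age" in cc or "expires" in h:
        return True, "explicit freshness"
    if "public" in cc or status in CACHEABLE_BY_DEFAULT:
        return True, "cacheable by default"
    return False, "no freshness information"


# Constructed sample responses modelling the post's wrapper/bulk split.
SAMPLE_RESPONSES: dict[str, tuple[int, dict[str, str]]] = {
    "wrapper page (per-viewer ads, hit counter)": (200, {
        "Cache-Control": "private, no-store",
        "Set-Cookie": "viewer=abc123",
        "Content-Type": "text/html",
    }),
    "article image (bulk, identical for every viewer)": (200, {
        "Cache-Control": "public, max-age=86400",
        "Content-Type": "image/jpeg",
    }),
    "shared script, fresh in proxies only": (200, {
        "Cache-Control": "max-age=0, s-maxage=600",
    }),
    "redirect without caching headers": (301, {"Location": "/new"}),
    "per-user API reply varying on everything": (200, {"Vary": "*"}),
}


def classify_all() -> dict[str, tuple[bool, str]]:
    """Run the storability check over every sample response."""
    return {name: shared_cache_may_store(status, hdrs)
            for name, (status, hdrs) in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for name, (ok, why) in classify_all().items():
        print(f"{'CACHE ' if ok else 'BYPASS'}  {name}: {why}")
```

A provider following the post's suggestion would mark only the first sample as private/no-store and let everything heavy carry an explicit max-age or s-maxage; a proxy that honours these headers caches the bulk without ever seeing a per-viewer page, and none of this requires breaking end-to-end encryption on the wrapper page if the bulk assets are served over plain HTTP by the provider's choice.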