On Sun, 28 Aug 2011, Arthur Corliss wrote:
<snip>
Which brings to mind yet another point: for those of us providing content
filtering services via proxies SSL is a huge problem. The only good
solution is to do transparent interception of SSL connections with your
proxies serving up a private CA-signed certificate using wild cards, but
that requires installing your private CA's root certificate on all clients,
and even then there's clients that that still won't work on. Never mind
that the concept of spoofing external organization certificates is insanely
dangerous in its own right.
I'm going to preemptively qualify this brain dump as relevant to the
metacpan debate because I would consider metacpan's content, search results,
etc., to be highly cacheable. Moreso than a general purpose engine like
Google, metacpan's results would tend to be more applicable to multiple
users' searches. And yet the whole SSL-only mindset would hamper an
individual network operator's ability to control and shape its network.
Hopefully no one misconstrues this as me being against SSL sites, I'm
extremely in favor of them, particularly with organizations hosting my
sensitive information. I only think metacpan should offer both HTTPS and
HTTP interfaces. Let those ultra-paranoids among us use the HTTPS, and the
rest of us HTTP.
--Arthur Corliss
Live Free or Die
