On Fri, May 3, 2013 at 3:33 PM, Wes Felter <w...@felter.org> wrote:

> On 5/3/13 2:06 PM, Jay Ashworth wrote:
>
>> It occurs to me that I don't believe I've seen any discussion of the
>> Unexpected Consequence of pervasive HTTPS replacing HTTP for
>> unauthenticated
>> sessions, like non-logged-in users browsing sites like Wikipedia.
>>
>> That traffic's not cacheable, is it?
>>
>
> This has been discussed over the last year in the IETF HTTP WG in the
> context of SPDY and HTTP 2.0. Today this traffic is not cacheable. Some
> people are proposing to have a mode that is end-to-end secure and shows the
> lock icon in the browser and a different mode that uses SSL to the cache
> and SSL from the cache to the origin and doesn't show a lock.
> For networks that have traffic inspection "requirements" (e.g.
> education/enterprise) there has also been discussion about a signaling
> protocol for the network to indicate to browsers that all non-proxied
> traffic will be dropped. Transparent proxies are evil and one of the goals
> of HTTP 2.0 is to make proxies visible to the browser/user so they can
> choose whether to consent to having their traffic proxied.
>
> --
> Wes Felter
>
Thanks for the summary, Wes.

If operators have thoughts on this issue, there is still discussion going on about HTTP/2.0. As Wes notes, HTTP/2.0 is going to have a strong emphasis on TLS, as with SPDY. Please send comments to the WG mailing list:

<http://tools.ietf.org/wg/httpbis>
<http://lists.w3.org/Archives/Public/ietf-http-wg/>

Cheers,
--Richard