undefined | Better HN

0 pointsMikhail_Edoshin6y ago0 comments

I remember a discussion here on HN about how it makes life very hard for organizations like a school in Africa where the Internet connection is slow and expensive. Although many requests go many times to same pages (e.g. Wikipedia), HTTPS makes it impossible to cache them with a local cheap proxy.

HTTPS is cargo-cult'ish in this aspect. One obviously should not accept or serve personal data over HTTP, but why to encrypt public information? (Having said that I'm guilty here too as I blindly followed the instruction given to me by my hosting company and my plain open site redirects to HTTPS.)

0 comments

namibj6y ago

Soon we can properly sign HTTP requests using DNS for the PKI. Stuff like SRI inside HTML is paving the road to allow verification of hashes transmitted via header for the main page request, including a signature of that hash and url or such.

Sort of similar to how linux package managers employ GPG and package mirrors.

Or maybe we can provide caching based on signed-exchange.

rogual6y ago

One benefit of encrypting public information is that ISPs can't mess with it by inserting ads and such.

j / k navigate · click thread line to collapse