The "do not search a culprit" stuff: What is the point with encryption ? If your users have a very-low bandwidth, they will get a crappy service, with or without encryption This is our world, our http-based internet is NOT made for a 40k connection The "tip stuff": If you simply do not care about encryption, or are willing to trade privacy for caching because you have no-bandwidth, you can simply break SSL It costs nothing, and you will not mind the "red lock" (remember: trade-off) The "philosophical stuff": About your last part, you are absolutely right, this is a sad situation, yet not true Niklaus Wirth (the pascal guy) said in 1995: "Software gets slower faster than hardware gets faster." This has never been so true .. On 05/28/2018 06:09 PM, Mike Hammett wrote:
I can't imagine rural third-country villages have much influence over the departments of the appropriate companies to affect all of the junk getting added to sites these days.
I'm also not foolish enough to think this thread will affect the encrypt-everything crowd as it is more of a religion\ideology than a practical matter. However, maybe it'll shed some light on technical ways of dealing with this at the service-provider level or plant some doubt in someone's mind the next time they think they need to encrypt non-sensitive information.
The same goes for all development. My phone is significantly slower today than a couple years ago when new without a significant change in the amount of stuff that I run because developers are lazy and fill the space the latest platforms offer them.
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Rich Kulawiec" <rsk@gsp.org> To: nanog@nanog.org Sent: Monday, May 28, 2018 10:00:36 AM Subject: Re: Impacts of Encryption Everywhere (any solution?)
On Mon, May 28, 2018 at 09:23:09AM -0500, Mike Hammett wrote:
Some things certainly do need to be encrypted, but encrypting everything means people with limited Internet access get worse performance OR mechanisms have to be out in place to break ALL encryption, this compromising security and privacy when it's really needed.
There are better places to reduce traffic while simultaneously enhancing security and privacy. The new EU version of the home page of USA Today is about 20% the size of the one presented in the US -- because it's had all the tracking and scripting stripped out -- with a concomitant reduction in load time and rendering time. Much more drastic reductions are available elsewhere, e.g., mail messages composed of text only are typically 5% to 10% the size of the same messages marked up with HTML.
The problem (part of the problem) is that the people doing these foolish things are new, ignorant, and privileged: they don't realize that bandwidth is still an expensive and scarce resource for most of the planet. I've said for years that every web designer should be forced to work in an environment bandlimited to 56K in order to instll in them the virtue of frugality and strongly discourage them from flattering their egos by creating all-singing all-dancing web sites...that look great in the portfolios they'll show to their peers but are horribly bloated, slow, unrenderable in a lot of browsers, and fraught with security and privacy problems. (Try pointing a text-only browser at your favorite website. Can you even read the home page?)
---rsk