On Fri, May 3, 2013 at 12:06 PM, Jay Ashworth <jra@baylink.com> wrote:
It occurs to me that I don't believe I've seen any discussion of the Unexpected Consequence of pervasive HTTPS replacing HTTP for unauthenticated sessions, like non-logged-in users browsing sites like Wikipedia.
That traffic's not cacheable, is it? Proxy caches on services like mobile 3/4G, or smaller ISPs, or larger corporations can't cache it, I wouldn't think, which means both that they will see traffic increases, and that the end sites will as well.
Has this been discussed and I missed it? Do I improperly understand transparent caching? Or is this just a bomb waiting to go off?
I assume that Wikipedia themselves are on top of the idea that their in-house reverse-proxies won't be carrying that traffic (though I don't actually know what their architecture looks like anymore), but..
If anyone's curious about Wikipedia (we're open with our architecture) - we aren't really effected by using https instead of http for non logged in sessions. I'm assuming all of the other major sites use similar methods. The path goes user <--> LVS load balancer <--> nginx ssl termination <--> varnish (caching layer) <--> (if cache miss) application layer The only extra "hop" for https is the ssl termination, and while if all of a sudden 100% of our traffic switched from http to https, we'd be underprovisioned and have to scramble, the incremental effect of a single user (or all the https everywhere users!) using https is incredibly tiny. It's not as cpu-intensive as many people think. Unless a corporation is breaking ssl ( like in this case - http://superuser.com/questions/115349/firefox-this-connection-is-untrusted-b... ) their proxies would be unable to cache SSL content. If you're curious about wikimedia's architecture, you can check it out on our wiki -- https://wikitech.wikimedia.org/wiki/Main_Page Leslie
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274