User talk:Eighty5cacao/misc/Common objections to HTTPS support

From Pin Eight

Makes intermediate caches unusable

Anonymous Coward pointed out that HTTPS breaks intermediate caching proxies, which increases the load on the origin servers. --Tepples 19:33, 23 November 2012 (MST)

As I understand, the usual solution breaks end-to-end encryption by using HTTPS only on the connection between the last proxy and the client, or by each proxy layer establishing a separate HTTPS connection to the previous one. This essay isn't targeted at financial institutions or other high-security sites, so I don't feel such an objection is strong enough to be given a section of its own.
And to give an example of the door-lock analogy: Saying "I don't want to support HTTPS because my old server can't handle the load" is like saying, "I need to leave the front door ajar to ventilate the house, or else Granny will get heatstroke, and the EMTs would take too long to bash down the door if the lock jammed..." I have better examples, but I won't spoil them just yet. --Eighty5cacao 21:35, 24 November 2012 (MST)

The resource subject to load is not just CPU. It's also bandwidth for serving static data, whose hits an intermediate caching proxy might otherwise serve. --Tepples 23:48, 24 November 2012 (MST)

Oh, I see that you were talking about proxies at the ISP or otherwise close to the client; my response was meant to cover proxies/CDNs configured by the website owner. As for my not having mentioned bandwidth already in the outline, my reason is as usual. --Eighty5cacao 15:00, 25 November 2012 (MST)

EFF mentioned the analogy to physical locks here. But I digress. --Eighty5cacao (talk) 19:44, 27 November 2015 (UTC)

Others continue to bring up proxies near the client, as mentioned in Mini-rant archive#HTTPS. --Tepples (talk) 14:42, 15 December 2016 (UTC)

Home servers without FQDN

One objection is that in order to get a certificate, a server first has to have a fully qualified domain name (FQDN). A lot of servers operated on a private home LAN, such as a NAS appliance, don't have such a name. (See User:Tepples/Secure Contexts.) Do you plan to address this any time soon? --Tepples (talk) 14:45, 15 December 2016 (UTC)

Acknowledged, but work on this essay is on hold indefinitely. --Eighty5cacao (talk) 22:24, 15 December 2016 (UTC)