
The use of HTTPS doesn't destroy cacheability, it just requires that one of the legitimate endpoints authorize the cache to be there.



Right, it forces the cache to come from the content provider rather than being provided downstream by the client's organization.


But for many users, their downstream organization is their ISP. From my point of view, any caching by them is malicious. I didn't send my request to the IP of their caching server, I sent it to the IP of the site I'm trying to reach. Redirecting my request to their cache is a MITM attack.

If my employer wants to use caching, they can install a cert for their proxy on my machine (or require me to do so), so it's not a problem - although it is more technically complex.


If it's inside the organization then they can put in a local cert and run a cache.

It only prevents caches that are in the middle and trusted by neither end. I'm okay with that in almost all cases.


What about dorms, hospitals (patient wifi), libraries, hotels, cafes and small ISPs? They do not have access to their clients' certs.



