Slashdot Mirror


The Cost of the "S" In HTTPS

An anonymous reader writes Researchers from CMU, Telefonica, and Politecnico di Torino have presented a paper at ACM CoNEXT that quantifies the cost of the "S" in HTTPS. The study shows that today major players are embracing end-to-end encryption, so that about 50% of web traffic is carried by HTTPS. This is a nice testament to the feasibility of having a fully encrypted web. The paper pinpoints also the cost of encryption, that manifests itself through increases in the page loading time that go above 50%, and possible increase in battery usage. However, the major loss due to the "S" is the inability to offer any in-network value added services, that are offered by middle-boxes, such as caching, proxying, firewalling, parental control, etc. Are we ready to accept it? (Presentation can be downloaded from here.)

2 of 238 comments (clear)

  1. Those aren't the services you're looking for by Overzeetop · · Score: 5, Interesting

    "in-network value added services"

    I just read that as "advertising".

    Besides, I though most of the internet traffic was netflix now. Is that all done https in a way that distributed caches are infeasible? I understood that the caching was pretty robust for their traffic.

    --
    Is it just my observation, or are there way too many stupid people in the world?
  2. Cost of certificates by bunratty · · Score: 4, Interesting

    The other cost of the S is the difficulty in obtaining and using certificates that are recognized by browsers without bothering the user. That's why the Let's Encrypt project is trying to make it free and easy.

    --
    What a fool believes, he sees, no wise man has the power to reason away.