Hacker News new | past | comments | ask | show | jobs | submit login

Transparent caching is part of what makes http so great. Security is relative, you can authenticate content without encrypting it, if there is nothing sensitive about the content.

The authentication can happen external to the http or spdy transaction as well.




> you can authenticate content without encrypting it

True, but insecure HTTP provides neither authentication nor encryption.

> if there is nothing sensitive about the content.

Encrypting only sensitive content leaks information to observers and attackers, namely when you transmit sensitive content, and which servers you connect to when you do so. Encrypting all content eliminates that information leak.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: