One thing I'd love to see is hackers, NGOs, and small media orgs pooling their resources and doing edge caching for each other on their servers.
Most of the time most servers do not use all the bandwidth, so this could help handle peaks in traffic.
Two things would be needed on the tech side: 1. websites becoming easier to cache (do you really need this bit of dynamic content there?), and 2. some way of doing TLS termination without giving out private keys.
Obviously, 1. is a decision that needs to be made by individual website owners.
And 2. has already been figured out by... CloudFlare (oh, the irony!):
We need a clean-room, FLOSS implementation of Keyless TLS. Nudge. Wink.
So far this has been a good discussion. Cool!
@rysiek You can do SNI-based reverse proxying with haproxy, which doesn't require the front-end proxy having the private keys, instead leaving most of the TLS negotiation to the backend service -- I'm not sure if this is quite the same as Cloudflare's "keyless TLS", but I think it's similar.
@molly oh, that sounds about right! Good to know, thank you. Looks like I need to do some research. :)
The above article describes the "front" being able to see the entire request and serve any content it desires.
Meanwhile an SNI proxy can't serve any content not originating from the upstream server.
In fact it cannot even see the real HTTP header. So an SNI header may differ from the real host header. This can allow some fun exploits, since you may be fooled by the client.
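A Python sketch of the routing decision an SNI passthrough proxy (like the haproxy setup mentioned above) makes, added here as an example and not code from the thread, from haproxy or from Cloudflare. It parses the server_name out of an unencrypted ClientHello, picks a backend on that alone, and shows the check the origin (which sees both values after terminating TLS) has to do because the Host header never reaches the proxy. The backend addresses and hostnames are made up, and the ClientHello is constructed inline.

```python
import struct

def extract_sni(record: bytes):
    """Return server_name from a TLS ClientHello record, else None."""
    try:
        if record[0] != 0x16:                                    # not a handshake record
            return None
        hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
        if hs[0] != 0x01:                                        # not a ClientHello
            return None
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        pos = 2 + 32                                             # client_version + random
        pos += 1 + body[pos]                                     # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]     # cipher_suites
        pos += 1 + body[pos]                                     # compression_methods
        ext_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            # server_name: list_len(2) name_type(1)=0 host_name, name_len(2), name
            if etype == 0 and len(data) >= 5 and data[2] == 0:
                nlen = struct.unpack("!H", data[3:5])[0]
                return data[5:5 + nlen].decode("ascii", "replace")
    except (IndexError, struct.error):                           # truncated/malformed
        pass
    return None

def build_client_hello(server_name: str) -> bytes:
    """Constructed minimal ClientHello carrying only an SNI extension."""
    name = server_name.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name        # host_name entry
    sni = struct.pack("!H", len(entry)) + entry
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00"                 # version, random, no session_id
            + struct.pack("!H", 2) + b"\x13\x01"                 # one cipher suite
            + b"\x01\x00"                                        # null compression only
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

BACKENDS = {"ngo-a.example": "10.0.0.11:443", "ngo-b.example": "10.0.0.12:443"}  # hypothetical origins

def route(record: bytes):
    return BACKENDS.get(extract_sni(record))                     # None => reject the connection

def origin_accepts(sni, host: str) -> bool:
    # The origin sees both SNI and Host after terminating TLS; it must not assume they agree.
    return sni is not None and sni.lower() == host.split(":")[0].lower()
```

The proxy never gets past the ClientHello, so anything it cannot route by SNI is dropped, and the Host/SNI comparison can only live on the origin.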
@rysiek caching is the painful topic - nobody wants to cache anything as each request cached means one precious unique view lost from sight of crappy 3rd party analytics JS :)
@kravietz dear Sir, do you have a moment to talk about our Lord and Saviour, Log Analytics?
Also, the JS bug pings the analytics server with the view data. So, caching doesn't really make web analytics harder. :)
@kravietz not everyone is Facebook, either.
@rysiek Unless the NGO is massive or tech specialized, they're not going to have the resources to do this or even think about it. Some of them can barely get a website up and running.
@trebach sure, but for those NGOs that have the resources, now they don't have to reinvent the wheel.
@rysiek remember when Google tried to implement point 2 and everyone in the infosec community tried to explain what a terrible idea it was?
@ben moar context?