X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	 q=dns; s=default; b=ZtjC01GCfM5KvMA1KQuMUJ5JVuoO0z6SmkjyjOi5chz
	tDPoa/+Wv+mhwfN2qRzv753qiIx4B25izcUXoXzlc6XMmbscqxHL7ltnm0V9nu0R
	10ioT0nmS3+zRCN1E01TK6natTgSQ0eABPWeLLCSVw+kkkrbKlTpo+zsElDNhHU8
	=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	 s=default; bh=Ss0+3qO14QUrLs5Tjj3dETTJk5s=; b=LJtaDbnVMYUbzrPzB
	jUkw9CWzAswqDgk8YDt3SesTq6eZkCQQ9vPpK/CKIMjJzweUWyqZLFtQ7gaII1AC
	OF/3sR1N50UPlaRM6HWPbpKigeyKVyAKuMKSW8mkhidIh+cg13X95R8+GH1fTJME
	sUXlEEOI9pbRZ8Yli9yigLEaAM=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-0.2 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=ham version=3.3.2 spammy=H*F:U*cygwin, decade, encryption, H*r:192.168.3
X-HELO: Ishtar.sc.tlinx.org
Message-ID: <57204FB0.7030201@tlinx.org>
Date: Tue, 26 Apr 2016 22:35:44 -0700
From: Linda Walsh <cygwin AT tlinx DOT org>
User-Agent: Thunderbird
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Proposed patch for web site: update most links to HTTPS
References: <BL2PR03MB228A4FE7B2CCA51E5FF5163DF610 AT BL2PR03MB228 DOT namprd03 DOT prod DOT outlook DOT com> <1074467721 DOT 20160425030008 AT yandex DOT ru> <BL2PR03MB22817533DCF96CD385BD883DF620 AT BL2PR03MB228 DOT namprd03 DOT prod DOT outlook DOT com> <48360918 DOT 20160425084918 AT yandex DOT ru> <20160425124332 DOT GO2345 AT dinwoodie DOT org>
In-Reply-To: <20160425124332.GO2345@dinwoodie.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

Adam Dinwoodie wrote:
> Secure connections historically had a high overhead, sure, but that's
> very rarely the case nowadays.  Certainly my experince of loading the
> Cygwin web page is that there's no perceptible difference between the
> http and https versions.  Adam Langley (a senior engineer at Google)
> wrote an article back in 2010 about how TLS is now computationally
> cheap[0]; it's only gotten cheaper since.
----
Google talking about benefits of https everywhere is a bit like 
the government telling us that having 'banks' create the rules
for how we use money is "impartial".

https slows down the entire web -- you think not by much -- and that's
because no one knows what the speed is like if everything that could
be cleartext, was.  Sure crypto speedups have been added to HW, but
speedups in communications HW has speed up as well.  So encryption speed
has gone up 100-200%, in the past decade, but in the past decade
communication speeds have gone up from 100Mb-> 10Gb @ home and 
~1Mb -> 50-100Mb over the external net -- that's a 1000% speedup @ home
to a 5000-10000% speedup externally.  That means more and more
of that speed is being lost to crypto which can't keep up and be secure
because it is expensive to do the computations.

A different example:  When I first started regular backups, I used gzip on 
default settings and thought my 5MB/s was 'normal'.  As my network went
up by 100x, I was still getting <10MB/s in backup speed.  The bottleneck
was the compression -- even fast compressors like lzo limit backups to
less than 20-30MB/s.  Compare that to uncompressed speeds:  200-400MB/s.

> At the very least, the Cygwin website should be using protocol-
> independent links, meaning users accessing the website using https
> aren't switched to http when they click on a link (i.e. link to
> "//cygwin.com/path/to/page" rather than "https://cygwin.com/..." or
> "http://cygwin.com/...").  But I agree with Brian: the Cygwin website
> should use https everywhere unless there's some good, specific reason
> why it's a bad idea.  And "TLS is slow" hasn't been a good reason for
> years.
---
Compared to the latency it induces over the net, and the increases in net
speed, it's getting slower and slower and the penalty is getting worse
by the year.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple