by cflat 2116 days ago
Let’s call a spade a spade. The only real world problem that WebBundles (and Signed Exchanges) really solve is to allow AMP to impersonate your website.

Google wants all the click data and the click through navigation data about users (by way of passive logs) so they can sell more ads.

There are no other real world problems that web bundles solve.

2 comments

The real world problem web bundles solve is distributed caching. Right now sites have to pick one or a few CDNs and have a trust relationship with them and allow them to impersonate your site.

Web bundles change this relationship so that anyone can cache sites if it benefits them to do so. If you share a link on Twitter or Facebook or Discord or Slack they can cache the page on their servers and deliver it through the connection you already have open to them.

Web Bundles also open the door for network-local caches that don’t require MitM or trusting the cache.

This feels contrived. Rarely do I, as a brand or content creator, want it circulating without my control. It doesn’t make business sense.

It's not without your control. You don't have to use bundles or signed exchanges. You can use bundles without signed exchanges. You can bundle only some resources, and leave plenty of things like dynamic content, comments, ads, etc. unbundled.

It's a file format, there will be lots of uses.

This feels like such a weird stance. I can’t imagine someone saying something to the effect of “I don’t want my DNS records just circulating without my control.” This isn’t like AP giving CNN republishing rights, this is getting a magazine from the stand at the convenience store rather than having to go to the Condé Nast corporate HQ.

Like it’s your site, exactly as it would be if it was delivered by your server, just delivered by someone who already had a copy on hand rather than fetching a new one every time. This is what HTTP proxies used to do, what DNS caches and browsers still do. TLS broke web caches because TLS secured the connection instead of the content.

It's not weird to reject arbitrary complexity.

The most important issue is the 'lack of value' - not anything else.

Complexity compounds to imbue cost geometrically, we don't need stuff 'because', we need stuff that solves real problems.

For sure, but the big value prop is better speed and less load on your own servers when your content primarily comes from Twitter, Google, IG, Facebook, Reddit, etc. Small sites can use this to not need a CDN and avoid the hug of death.

If it doesn’t come with a benefit to you then it’s all good.

DNS is not content.

HTTP caches were always problematic from a business perspective. Great for downloading large binaries (installs) but problematic when they don’t expire as expected, or if content needs to change for contractual reasons.

Tell that to Cloudflare.

It's not like you're forced to cache things if it doesn't work for your business case.

I mean you’re the one who gets to decide how long the signature is valid for just like you can choose your TTL in DNS. And a malicious cache can’t continue to serve stale content because browsers will reject it. You get a hard guarantee that your TTL will be respected.

Links on the page are the same as before signed, so the only actual problem with them is not being able to change/delete the documents hosted elsewhere immediately.

Yea, but the web server delivering them is now Google. Google now gets the access logs and using the persistent tls socket can follow the users activity. Sure the content is signed, but the delivery is no longer private.

> Google now gets the access logs

It doesn't seem like this would materially change the information Google receives. The status quo is that Google knows (via redirect links) what search results I click and when. It doesn't technically know what data the website will send me, but normally it's the same as Google's cached copy. It doesn't know what resources my browser will block, but in a bundle scenario, my browser is free to ignore resources even if they must be transmitted as part of a bundle.

> using the persistent tls socket can follow the users activity

Even if this caused browsers to keep idle sockets to Google alive more often, what information is there to be gained from an idle socket?

Because of CDNs the delivery was never all that private to begin with.

CDNs are a known commodity with business relationships. You can’t have an unknown CDN in the mix. They are an extension of your infrastructure and you can control if they are or aren’t in the path of control. The key here is that there is also a legal and business relationship.
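
The property argued over in this thread (the publisher signs the content together with a validity window it chooses, so a cache that is not trusted can neither alter the content nor keep serving it past expiry) is sketched below as an added example; it is not code from any commenter and is not the real Signed Exchange wire format. The field names, URL and timestamps are constructed for illustration.

```javascript
// Simplified model of content-level signing; field names are hypothetical.
const crypto = require('node:crypto');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('base64');

// Publisher: sign the URL, the validity window and a digest of the body.
function signExchange(privateKey, url, body, date, lifetimeSec) {
  const meta = { url, date, expires: date + lifetimeSec, digest: sha256(body) };
  const signature = crypto.sign(null, Buffer.from(JSON.stringify(meta)), privateKey);
  return { meta, signature, body };
}

// Client: checks whatever a cache handed over; the cache itself is never trusted.
function verifyExchange(publicKey, requestedUrl, exchange, now) {
  const { meta, signature, body } = exchange;
  const signed = Buffer.from(JSON.stringify(meta));
  if (!crypto.verify(null, signed, publicKey, signature)) return 'bad-signature';
  if (meta.url !== requestedUrl) return 'wrong-url';
  if (now < meta.date || now >= meta.expires) return 'not-valid-now';
  if (sha256(body) !== meta.digest) return 'body-tampered';
  return 'ok';
}

// Constructed scenario: one honest delivery and three ways a cache could misbehave.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const url = 'https://publisher.example/article'; // constructed URL
  const t0 = 1700000000;                           // constructed timestamp, seconds
  const ex = signExchange(privateKey, url, Buffer.from('<h1>hello</h1>'), t0, 3600);
  // Cache rewrites the expiry to keep serving the old copy.
  const stretched = { ...ex, meta: { ...ex.meta, expires: t0 + 86400 } };
  // Cache swaps the body but leaves the signed metadata alone.
  const altered = { ...ex, body: Buffer.from('<h1>injected</h1>') };
  return {
    fresh: verifyExchange(publicKey, url, ex, t0 + 60),
    stale: verifyExchange(publicKey, url, ex, t0 + 3601),
    stretched: verifyExchange(publicKey, url, stretched, t0 + 3601),
    altered: verifyExchange(publicKey, url, altered, t0 + 60),
  };
}

console.log(demo());
```

The checks cover integrity and freshness only; which server delivered the bytes, and what that server can log, is outside what the signature says.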