SPDY of the Future Might Blow Your Mind Today

AFAIK there's no way to initiate TLS over a SPDY stream (i guess SPDY could be extended to add TLS handshake control frames, but that's downright crazy) which would mean that the third diagram is misleading. End to end SSL would not be possible with a SPDY proxy. Instead, the client's SSL connection would extend to the SPDY proxy, and the proxy would have it's own SSL (HTTP, HTTPS or SPDY) connection to the remote server. If that's the case, the proxy would have unencrypted access to all traffic.<p>This is arguably not a problem for clients that explicitly opt in for this sort of proxy setup. But it sounds like this is not the case for the Kindle Fire. Based on this article (i don't have a Kindle Fire to test this theory), i'm guessing the browser has custom CA's for the SPDY proxy so that the SPDY proxy can spoof any domain through the magic of SNI. If all this is true, then it's pretty evil. People who know enough to check for the "secure connection" badge in the browser would be fooled into thinking they have end to end encryption to the website they are viewing. In reality, the proxy, and whoever runs it, silently has complete access to your unecrypted traffic.<p>There's quite a few assumptions here. And I'm not a SPDY expert so I may be overlooking something. But this doesn't sound like an optimization i'd be comfortable with.

speeding up that last mile concerned a lot of other people before, especially on slow mobile connections.<p>One example is Opera, they are even compressing http data, pictures etc. before transmitting to the client over a binary socket.

From November, so when it says "early next year" (w.r.t. Firefox implementing SPDY) it means "early <i>this</i> year".

Is there a good (fast, secure, stable) Apache or Nginx SPDY module yet?

SPDY of the future today: opera turbo the article is about proxying SPDY, actually, like opera turbo does for http. in fact, using opera turbo gives a similar performance (except opera also compresses stuff, and the proxy is at opera, not at the isp, which adds some latency)<p>Note also that newest pre-versions of Firefox have SPDY (need to enable via about:config)

If you don't trust your ISP, this doesn't really improve security at all. If anything, it gives them a choke point which makes it <i>easier</i> to inject content or slurp your data.

The whole point of IP networking was that you could connect to an unlimited number of destinations in parallel using a single phone line. How is this still a mind-blowing concept?

What about infra-structure? That SPDY gateway will have to handle a hell lot of load. Will we really need that extreme optimization in 2 years?

So, we need an open source SPDY gateway then? We all know our mobile ISPs won't develop it themselves...

SPDY stands for SPeeDY? What the hell is that?

"I spent a fair amount of time running network traces of the Kindle Fire, and I honestly don’t know quite what they’re doing yet."<p>That's a problem with binary protocols. How does Spdy help the 'open web' when you can't even tell what's even going on at the network layer even after spending lots of time trying?<p>This blog also like every other advocating Spdy ignores that HTTP tunneling in practice provides the same benefits. And the last graph is the same as for an HTTP proxy, nothing to see there.