I'm going to close this as wontfix - and I'm opening a separate bug listing the various bits of optimising and tuning we're doing to get good performance out of SSL.
Making the application switch between HTTP and HTTPS on a per-page basis is extremely complex. For instance, a bug search that returns a private bug has to return on HTTPS. But if the search is submitted on HTTP we probably have leaked some info about the bug (e.g. a customer name, product name etc) in the submission. Further, we add a late SSL handshake when we do switch to HTTPS, and the SSL session is going to be likely stale by now.
The users that need the best possible performance - the folk doing massive amounts of bug triage - are often the same users that have the most access to private data and are least able to make use of HTTP.
So the benefits to most of the heavy users of the system would be marginal, and we want to make Launchpad fast for them anyway. If we make it fast for the heaviest users on HTTPS we can make it fast for casual users on HTTPS too with a bit of care.
I'm going to close this as wontfix - and I'm opening a separate bug listing the various bits of optimising and tuning we're doing to get good performance out of SSL.
Making the application switch between HTTP and HTTPS on a per-page basis is extremely complex. For instance, a bug search that returns a private bug has to return on HTTPS. But if the search is submitted on HTTP we probably have leaked some info about the bug (e.g. a customer name, product name etc) in the submission. Further, we add a late SSL handshake when we do switch to HTTPS, and the SSL session is going to be likely stale by now.
The users that need the best possible performance - the folk doing massive amounts of bug triage - are often the same users that have the most access to private data and are least able to make use of HTTP.
So the benefits to most of the heavy users of the system would be marginal, and we want to make Launchpad fast for them anyway. If we make it fast for the heaviest users on HTTPS we can make it fast for casual users on HTTPS too with a bit of care.