Comment 7 for bug 46591

Revision history for this message
Adam Buchbinder (adam-buchbinder) wrote :

Might it be possible to work with some browser developers on caching CSS/JS/images over SSL? I can imagine that this might not be a good idea in all circumstances, but given that this isn't the only bug tracker which runs over SSL, some kind of header ("X-Always-Cache: yes" or something) or other mechanism for flagging certain SSL-served content as cacheable would show significant benefits for the users, in terms of increased speed, and for site owners, in terms of fewer hits on their static content.

As for the reason bugzilla.mozilla.org switched over, see http://gemal.dk/blog/2004/09/21/bugzillamozillaorg_protected_with_ssl_encryption/. The idea is that some bug reports may contain sensitive information (e.g., non-public security advisories), so the whole shebang is encrypted end-to-end to guard against eavesdroppers. It also protects against eavesdropping on the login process, but one would only need to protect the login pages to fix that.