On 09/09/2014 06:09 PM, Moritz Bartl wrote:
With the current structure of mirrors, we already rely on 3rd parties with whatever policy they have. I don't think Andrew is actually suggesting to move the main site or main mirrors over there.
Correct. The point was to run an experiment and see what cloudflare will actually cache and serve. Lots of mirror ops have asked about using cloudflare.
I'll highlight the key sentence in my email:
"The results are that using cloudflare doesn't offload the binaries, which are what make up the bulk of traffic on the mirror."
Since the binaries are served up by the actual site and not cloudflare, there isn't much point in using cloudflare. The only real point I see is what Moritz highlights:
"It might actually allow some users to reach a mirror for which other mirrors are blocked."
Unless some company/country are going to block all of cloudflare or a CDN, our mirrors can still be reachable. This is the same idea that David Fifeld is counting on with the meek transport using Google App Engine. Blocking all of Google seems a huge cost vs the gain of stopping some tor users.
The alternative is that cloudflare/cdn/google kick us off their systems to avoid being blocked.