Follow
The primary function of TLS in.today's web apps is server authenticity, which is required for even totally public content like CSS, JS etc. This helps avoid content injection attacks, but has also unfortunately killed all proxy caching. I guess what we are after is HTTP cleartext content signing protocols but there is not much interest in that for a number of reasons.