Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 06 May 2015 12:36:47 -0400
From:      James Keener <jim@jimkeener.com>
To:        kpneal@pobox.com, jd1008 <jd1008@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Why does FreeBSD insist on https?
Message-ID:  <554A431F.7050807@jimkeener.com>
In-Reply-To: <20150506160118.GA63426@neutralgood.org>
References:  <CAA3ZYrD_2AaDfW3oJ-NFt333DrjOwgBR-8bbqH0eVZGL6Y_5WQ@mail.gmail.com> <551DA84D.8030205@gmail.com> <20150402222539.37e330f8@gumby.homeunix.com> <551DC4F7.5090005@gmail.com> <20150506160118.GA63426@neutralgood.org>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--hNorQMt8tFV4cVBFewu1KetluwqQxNwrH
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

There were a myriad of proposals for using things like starttls and
entity-body encryption (leaving the headers plain-text to aid in routing
and caching), but none of them caught on.

TLS creates an encrypted tunnel between you and who you're talking to.
While intermediate hops won't know the page you're looking for, they
will know the ip address, and with SNI, the hostname you're talking to.

Additionally, TLS-SRP (which I havn't yet seen in production
(semi-unfortunately) will show your user id in plain text as well.

Jim

On 05/06/2015 12:01 PM, kpneal@pobox.com wrote:
> On Thu, Apr 02, 2015 at 04:38:47PM -0600, jd1008 wrote:
>>
>>
>> On 04/02/2015 03:25 PM, RW wrote:
>>> On Thu, 02 Apr 2015 14:36:29 -0600
>>> jd1008 wrote:
>>>
>>>> https prevents intermediate hop points (such as your isp)
>>>> from looking at the page content, or at the terms of your
>>>> search. But that does not prevent them from seeing the url.
>>> Actually it does. The url is sent inside the encryption.
>>>
>> That is good to know. I had thought otherwise.
>=20
> You may have been thinking of "shttp". It was unencrypted until it turn=
ed
> on the encryption at some point in the request.
>=20
> I haven't heard anything about shttp since I left a job where the guy
> behind me was working on a web browser that supported it. That was 20 y=
ears
> ago.
>=20


--hNorQMt8tFV4cVBFewu1KetluwqQxNwrH
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJVSkMfAAoJEIwEMqCR4dtw6SIP/3mYePlkiy8b9SJ4gZE1m4kd
PFxHaKZ2JkNuxMJgjLAnVZ8frJOBLntGLqJYxyxNW4zOqnvpN61kNVmTniyrcRg+
+Pd0+XnhcVvxpnYtauoCg3bxnq8feh3ax+p0AUXW3yYJKACzAIAILzw7EEBWyKpo
Wkoy9oYWmOzeuhbVLkIwFlEh2HXlCwW+vlflPW9+WnMoXWlWOUjN7N54QIl5csdM
j37uAiz5ZwRgzWHVls/th1XdZsPz9x6AhaatWpbCV4ClZMouRX+zsAcLfMIhu/57
M8YNu5fEyu5Cy1fWkDMmKLJk/SjgB4/mtgUycYaqbx9jsh7w6D9pXm11727BlNMI
o5JAvxpNAr6DPFvfQeP6IRlQCVin2RNdEHGS1YkX4Ltay3sH505nbEQoBmj3mecM
3Ho79yE+i1qw9JTlO1seyCLCnJ/3la1v31qsSQocItymMaQoWrv7+/sTYE0aGA5J
HBecr+2r/bc4NtrYMTOhLcFGWHfs7s38pLoKVmaR9IQPvQ0nIxN4t5NWXF2Rx1Xa
KTPg9oE/ZQT8ZVfG/KzNFj+6DldqGiqLMNzbl24UHJPeOBs4QfMFOzphxmkMq1b4
brDLMGGYQlRE6piR0rsJcaeYyMsTn+4polTjycO9ywhOmF/X6SIR0R5GJqxE+JXv
atthvfhLEla9h+f8qlx/
=PSqP
-----END PGP SIGNATURE-----

--hNorQMt8tFV4cVBFewu1KetluwqQxNwrH--



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?554A431F.7050807>