Date:      Wed, 06 May 2015 12:36:47 -0400
From:      James Keener <jim@jimkeener.com>
To:        kpneal@pobox.com, jd1008 <jd1008@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Why does FreeBSD insist on https?
Message-ID:  <554A431F.7050807@jimkeener.com>
In-Reply-To: <20150506160118.GA63426@neutralgood.org>
References:  <CAA3ZYrD_2AaDfW3oJ-NFt333DrjOwgBR-8bbqH0eVZGL6Y_5WQ@mail.gmail.com> <551DA84D.8030205@gmail.com> <20150402222539.37e330f8@gumby.homeunix.com> <551DC4F7.5090005@gmail.com> <20150506160118.GA63426@neutralgood.org>

There were a myriad of proposals for using things like starttls and
entity-body encryption (leaving the headers plain-text to aid in routing
and caching), but none of them caught on.

TLS creates an encrypted tunnel between you and who you're talking to.
While intermediate hops won't know the page you're looking for, they
will know the IP address, and with SNI, the hostname you're talking to.

Additionally, TLS-SRP (which I haven't yet seen in production
(semi-unfortunately)) will show your user id in plain text as well.

Jim

On 05/06/2015 12:01 PM, kpneal@pobox.com wrote:
> On Thu, Apr 02, 2015 at 04:38:47PM -0600, jd1008 wrote:
>>
>>
>> On 04/02/2015 03:25 PM, RW wrote:
>>> On Thu, 02 Apr 2015 14:36:29 -0600
>>> jd1008 wrote:
>>>
>>>> https prevents intermediate hop points (such as your isp)
>>>> from looking at the page content, or at the terms of your
>>>> search. But that does not prevent them from seeing the url.
>>> Actually it does. The url is sent inside the encryption.
>>>
>> That is good to know. I had thought otherwise.
>
> You may have been thinking of "shttp". It was unencrypted until it turned
> on the encryption at some point in the request.
>
> I haven't heard anything about shttp since I left a job where the guy
> behind me was working on a web browser that supported it. That was 20 years
> ago.
>

