From: James Keener
Date: Wed, 06 May 2015 12:36:47 -0400
To: kpneal@pobox.com, jd1008
CC: freebsd-questions@freebsd.org
Subject: Re: Why does FreeBSD insist on https?
Message-ID: <554A431F.7050807@jimkeener.com>
In-Reply-To: <20150506160118.GA63426@neutralgood.org>

There were a myriad of proposals for using things like starttls and
entity-body encryption (leaving the headers plain-text to aid in routing
and caching), but none of them caught on.

TLS creates an encrypted tunnel between you and who you're talking to.
While intermediate hops won't know the page you're looking for, they
will know the IP address, and with SNI, the hostname you're talking to.
Additionally, TLS-SRP (which I haven't yet seen in production
(semi-unfortunately)) will show your user id in plain text as well.

Jim

On 05/06/2015 12:01 PM, kpneal@pobox.com wrote:
> On Thu, Apr 02, 2015 at 04:38:47PM -0600, jd1008 wrote:
>>
>> On 04/02/2015 03:25 PM, RW wrote:
>>> On Thu, 02 Apr 2015 14:36:29 -0600
>>> jd1008 wrote:
>>>
>>>> https prevents intermediate hop points (such as your isp)
>>>> from looking at the page content, or at the terms of your
>>>> search. But that does not prevent them from seeing the url.
>>> Actually it does. The url is sent inside the encryption.
>>>
>> That is good to know. I had thought otherwise.
>
> You may have been thinking of "shttp". It was unencrypted until it turned
> on the encryption at some point in the request.
>
> I haven't heard anything about shttp since I left a job where the guy
> behind me was working on a web browser that supported it. That was 20 years
> ago.
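Added illustration (not part of the thread, not code from any poster): the claim above is that an on-path observer sees the IP address and the SNI hostname, and with TLS-SRP the user id, but not the URL. The script below constructs a minimal TLS 1.2 ClientHello record (sample bytes, not captured traffic; the hostname and SRP user name are made up) and parses out of it exactly the two plaintext identities the post names: the server_name extension (type 0, RFC 6066) and the srp identity extension (type 12, RFC 5054). It then shows that an application_data record, where the HTTP request line and path travel, yields nothing to the same parser. This is the kind of passive inspection a network monitor or egress proxy performs; nothing here decrypts anything.

```python
"""What an on-path observer can read from a TLS ClientHello (constructed sample)."""
import struct
from typing import Optional

SNI_EXT = 0x0000   # server_name, RFC 6066
SRP_EXT = 0x000C   # srp identity, RFC 5054


def build_client_hello(hostname: str, srp_user: Optional[str] = None) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello record. The 32-byte client_random is
    all zeros here only so the sample is reproducible; a real client randomises it."""
    host = hostname.encode("ascii")
    name_list = struct.pack("!BH", 0, len(host)) + host           # NameType 0 = host_name
    sni_body = struct.pack("!H", len(name_list)) + name_list
    exts = struct.pack("!HH", SNI_EXT, len(sni_body)) + sni_body
    if srp_user is not None:
        ident = srp_user.encode("utf-8")
        srp_body = struct.pack("!B", len(ident)) + ident          # opaque srp_I<1..2^8-1>
        exts += struct.pack("!HH", SRP_EXT, len(srp_body)) + srp_body
    body = (b"\x03\x03" + bytes(32)                               # client_version, random
            + b"\x00"                                             # empty session_id
            + struct.pack("!H", 2) + b"\xc0\x2f"                  # one cipher suite
            + b"\x01\x00"                                         # null compression only
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body     # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def _extensions(body: bytes):
    """Yield (type, data) for each extension in a ClientHello body."""
    pos = 2 + 32                                                  # client_version + random
    pos += 1 + body[pos]                                          # session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]          # cipher_suites
    pos += 1 + body[pos]                                          # compression_methods
    if pos + 2 > len(body):
        return                                                    # legacy hello, no extensions
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = min(pos + ext_len, len(body))
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        yield etype, body[pos:pos + elen]
        pos += elen


def observe(record: bytes) -> dict:
    """What a passive observer learns from one TLS record: its content type plus any
    plaintext identities. Non-handshake, truncated or garbage records yield no names."""
    seen = {"content_type": None, "sni": None, "srp_user": None}
    if len(record) < 5:
        return seen
    seen["content_type"] = {0x16: "handshake", 0x17: "application_data"}.get(record[0], "other")
    if record[0] != 0x16 or len(record) < 6 or record[5] != 0x01:
        return seen                                               # only a ClientHello carries these
    try:
        hs_len = int.from_bytes(record[6:9], "big")
        body = record[9:9 + hs_len]
        for etype, data in _extensions(body):
            if etype == SNI_EXT:
                lpos = 2                                          # skip ServerNameList length
                while lpos + 3 <= len(data):
                    ntype = data[lpos]
                    nlen = struct.unpack("!H", data[lpos + 1:lpos + 3])[0]
                    lpos += 3
                    if ntype == 0:
                        seen["sni"] = data[lpos:lpos + nlen].decode("ascii", "replace")
                    lpos += nlen
            elif etype == SRP_EXT and data:
                seen["srp_user"] = data[1:1 + data[0]].decode("utf-8", "replace")
    except (IndexError, struct.error):
        pass                                                      # malformed: report what we have
    return seen


if __name__ == "__main__":
    hello = build_client_hello("www.example.org", srp_user="alice")   # constructed values
    print("ClientHello:", observe(hello))
    # Constructed application_data record: the HTTP request, including the URL path,
    # lives inside this ciphertext, so the observer gets only the content type.
    app_data = b"\x17\x03\x03\x00\x04\xde\xad\xbe\xef"
    print("Application data:", observe(app_data))
```

Running it prints the hostname and SRP user name recovered from the handshake and nothing but "application_data" for the encrypted record. Note that the hostname sits in the ClientHello only if the client sends SNI, which every modern browser does, and the SRP user name only for SRP cipher suites, which the post observes are rare in practice.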