Re: HTTPS and URL encoding
From: Barry Margolin (barmar_at_alum.mit.edu)
Date: 05/28/04
- Previous message: Roger Hunt: "Re: Security bug in Winamp"
- In reply to: Thor Kottelin: "Re: HTTPS and URL encoding"
- Next in thread: Thor Kottelin: "Re: HTTPS and URL encoding"
- Reply: Thor Kottelin: "Re: HTTPS and URL encoding"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 27 May 2004 18:07:53 -0400
In article <40B64AD4.9C0A1C1A@anta.net>, Thor Kottelin <thor@anta.net>
wrote:
> Jason LaRue wrote:
> >
> > So the shorter answer is:
> > Your ISP will see https://www.realsite.com/alk63d1goua8hd...
>
> No. Your ISP will see a TCP connection, an SSL/TLS handshake, and encrypted
> stuff from there on. They might also see one or more preceding DNS queries,
> which might give away the host name, which, in turn and OTOH, would probably
> also be easy to determine by doing a reverse lookup.
Not if it's a virtual server -- multiple names map to the same address,
and the reverse lookup probably wouldn't produce the one that the user
used.
-- Barry Margolin, barmar@alum.mit.edu Arlington, MA *** PLEASE post questions in newsgroups, not directly to me ***
- Previous message: Roger Hunt: "Re: Security bug in Winamp"
- In reply to: Thor Kottelin: "Re: HTTPS and URL encoding"
- Next in thread: Thor Kottelin: "Re: HTTPS and URL encoding"
- Reply: Thor Kottelin: "Re: HTTPS and URL encoding"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
