Re: HTTPS and URL encoding

From: Barry Margolin (barmar_at_alum.mit.edu)
Date: 05/28/04 

Date: Thu, 27 May 2004 18:36:23 -0400

In article <40B66A5F.F403FFB1@anta.net>, Thor Kottelin <thor@anta.net>
wrote:

> Barry Margolin wrote:
> >
> > In article <40B64AD4.9C0A1C1A@anta.net>, Thor Kottelin <thor@anta.net>
> > wrote:
>
> > > Your ISP will see a TCP connection, an SSL/TLS handshake, and encrypted
> > > stuff from there on. They might also see one or more preceding DNS
> > > queries,
> > > which might give away the host name, which, in turn and OTOH, would
> > > probably
> > > also be easy to determine by doing a reverse lookup.
> >
> > Not if it's a virtual server -- multiple names map to the same address,
> > and the reverse lookup probably wouldn't produce the one that the user
> > used.
>
> It's not very common for HTTPS to be available on name-based virtual hosts,
> is it?

Good point. Now that you remind me, I think there's a problem with
certificate verification, which is based on IP rather than name. 

-- 
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***

Relevant Pages

  • Re: History
    ... > HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, ... Or over TLS, the successor of SSL. ... There is a huge difference in meaning between the term "security protocol" ... And even if that were so (I wonder what "common use" means to a person ...
    (comp.lang.javascript)
  • Re: History
    ... Or over TLS, the successor of SSL. ... There is a huge difference in meaning between the term "security protocol" ... for HTTPS, which is wrong, and the term "secure protocol", which is right. ... And even if that were so (I wonder what "common use" means to a person ...
    (comp.lang.javascript)
  • Re: History
    ... HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, ... (check Cisco, Sun and Co). ... Wiki... ... it is a good thing for common (and specially ...
    (comp.lang.javascript)