nanog mailing list archives

Re: Nxdomain redirect revenue


From: Owen DeLong <owen () delong com>
Date: Tue, 27 Sep 2011 22:23:34 -0700


On Sep 27, 2011, at 4:55 PM, Jimmy Hess wrote:

On Tue, Sep 27, 2011 at 6:09 PM, Owen DeLong <owen () delong com> wrote:
On Sep 27, 2011, at 3:46 PM, Jimmy Hess wrote:

No, it isn't because it requires you to send the domain portion of the URL
in clear text and it may be that you don't necessarily want to disclose even
that much information about your browsing to the public.

That's OK.  You're kind of mincing security objectives here.
In regards to preventing tactics such as domain hijacking by service providers,
the goal behind this would be integrity, not confidentiality.

The objective of using SSL is not to strongly encrypt data to keep it secret,
it's to apply whatever is necessary to provide a level of integrity assurance.

The SSL cipher can almost be the null cipher, for all it matters,
but at least RC4 56-bit or so would be needed, because
the null cipher doesn't have message digests in TLS.

--
-JH

As has been pointed out... SSL certs do almost nothing for integrity.

Owen


