[145118] in North American Network Operators' Group


Re: Nxdomain redirect revenue

daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Sep 28 01:28:47 2011

From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAAAwwbX8LE7X1vNSr+=ZOWdRjgXxRUy=PaC_A21Vi46-H-EEgA@mail.gmail.com>
Date: Tue, 27 Sep 2011 22:23:34 -0700
To: Jimmy Hess <mysidia@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Sep 27, 2011, at 4:55 PM, Jimmy Hess wrote:

> On Tue, Sep 27, 2011 at 6:09 PM, Owen DeLong <owen@delong.com> wrote:
>> On Sep 27, 2011, at 3:46 PM, Jimmy Hess wrote:
>>
>> No, it isn't because it requires you to send the domain portion of the URL
>> in clear text and it may be that you don't necessarily want to disclose even
>> that much information about your browsing to the public.
>
> That's OK.  You're kind of mincing security objectives here.
> In regards to preventing tactics such as domain hijacking by service providers,
> the goal behind this would be integrity, not confidentiality.
>
> The objective of using SSL is not to strongly encrypt data to keep it
> secret, it's
> to apply whatever is necessary to provide a level of integrity assurance.
>
> The SSL cipher can almost be the null cipher, for all it matters,
> but at least RC4  56-bit  or so would be needed,  because
> the null cipher doesn't have message digests in TLS.
>
> --
> -JH

As has been pointed out... SSL certs do almost nothing for integrity.

Owen


