| From | Mike Amling <mamling@chaff.us> |
|---|---|
| Newsgroups | comp.lang.java.security |
| Subject | Re: the flip to HTTPS |
| Date | Mon, 29 Sep 2014 11:55:07 -0500 |
| Message-ID | <c8th74Fbq2vU1@mid.individual.net> |
| References | <ne801a92lkfu7s0or59c13qvvupu015s5q@4ax.com> |
On 9/10/14 5:13 AM, Roedy Green wrote:
> I have noticed many sites flipping from HTTP: to HTTPS: even when the
> site has no confidential information. I asked why.
>
> The answers I got:
>
> 1. Google is pushing it. They will bump your rankings if you do.
>
> 2. Google wants it universal to make life awkward for the snoops. They
> can go on a goose change decrypting pudding recipes.
>
> 3. HTTPS: is a more robust protocol.
>
> I have always assumed HTTPS: would necessarily completely defeat
> caching. Surely transport cannot be permitted to know anything at all
> about the structure of the stream it is transmitting, or does it?
>
> Without HTTPS a cacher can serve the same page to several different
> nearby users.

The entity holding the relevant certificate's private key can share session keys with other systems. It's fairly common for load balancing to share on a LAN. Some sites share the session keys with a content delivery network, or caching proxies.

> CloudFront has a funny sort of HTTPS where the cloud encrypts the last
> leg with the caching server's certificate, not the original source's.
> This allows some caching.

Distributing a certificate's private key, or using multiple certificates for multiple servers, can also be made to work.

> You can't do a thing with HTTPS to troubleshoot with Wireshark.

Sometimes if you're lucky all you need is traffic analysis.

> I would presume compression is becoming standard along with
> encryption.

I don't know about SPDY.

>
> The irony is this flip to HTTPS: leaves EMAIL still generally
> unprotected. It needs a major overhaul.

--Mike Amling
SSBkb24ndCBzZWUgd2hhdCBhbnkgb2YgdGhpcyBoYXMgdG8gZG8gd2l0aCBKYXZhLg==