Nxdomain redirect revenue

Jimmy Hess mysidia at gmail.com
Tue Sep 27 18:55:28 CDT 2011


On Tue, Sep 27, 2011 at 6:09 PM, Owen DeLong <owen at delong.com> wrote:
> On Sep 27, 2011, at 3:46 PM, Jimmy Hess wrote:
>
> No, it isn't because it requires you to send the domain portion of the URL
> in clear text and it may be that you don't necessarily want to disclose even
> that much information about your browsing to the public.

That's OK.  You're kind of mincing security objectives here.
In regards to preventing tactics such as domain hijacking bt service providers,
the goal behind this would be integrity, not confidentiality.

The objective of using SSL is not to strongly encrypt data to keep it
secret, it's
to apply whatever is necessary to provide a level of integrity assurance.

The SSL cipher can almost be the null cipher, for all it matters,
but at least RC4  56-bit  or so would be needed,  because
the null cipher doesn't have message digests in TLS.

--
-JH



More information about the NANOG mailing list