Nxdomain redirect revenue

Owen DeLong owen at delong.com
Wed Sep 28 05:23:34 UTC 2011


On Sep 27, 2011, at 4:55 PM, Jimmy Hess wrote:

> On Tue, Sep 27, 2011 at 6:09 PM, Owen DeLong <owen at delong.com> wrote:
>> On Sep 27, 2011, at 3:46 PM, Jimmy Hess wrote:
>> 
>> No, it isn't because it requires you to send the domain portion of the URL
>> in clear text and it may be that you don't necessarily want to disclose even
>> that much information about your browsing to the public.
> 
> That's OK.  You're kind of mincing security objectives here.
> In regards to preventing tactics such as domain hijacking by service providers,
> the goal behind this would be integrity, not confidentiality.
> 
> The objective of using SSL is not to strongly encrypt data to keep it
> secret, it's to apply whatever is necessary to provide a level of
> integrity assurance.
> 
> The SSL cipher can almost be the null cipher, for all it matters,
> but at least RC4 56-bit or so would be needed, because
> the null cipher doesn't have message digests in TLS.
> 
> --
> -JH

As has been pointed out... SSL certs do almost nothing for integrity.

Owen




