Nxdomain redirect revenue

Owen DeLong owen at delong.com
Wed Sep 28 05:23:34 UTC 2011

On Sep 27, 2011, at 4:55 PM, Jimmy Hess wrote:

> On Tue, Sep 27, 2011 at 6:09 PM, Owen DeLong <owen at delong.com> wrote:
>> On Sep 27, 2011, at 3:46 PM, Jimmy Hess wrote:
>> No, it isn't because it requires you to send the domain portion of the URL
>> in clear text and it may be that you don't necessarily want to disclose even
>> that much information about your browsing to the public.
> That's OK.  You're kind of mincing security objectives here.
> In regards to preventing tactics such as domain hijacking bt service providers,
> the goal behind this would be integrity, not confidentiality.
> The objective of using SSL is not to strongly encrypt data to keep it
> secret, it's
> to apply whatever is necessary to provide a level of integrity assurance.
> The SSL cipher can almost be the null cipher, for all it matters,
> but at least RC4  56-bit  or so would be needed,  because
> the null cipher doesn't have message digests in TLS.
> --
> -JH

As has been pointed out... SSL certs do almost nothing for integrity.


More information about the NANOG mailing list