Why does FreeBSD insist on https?

James Keener jim at jimkeener.com
Wed May 6 16:44:01 UTC 2015


There were a myriad of proposals for using things like starttls and
entity-body encryption (leaving the headers plain-text to aid in routing
and caching), but none of them caught on.

TLS creates an encrypted tunnel between you and who you're talking to.
While intermediate hops won't know the page you're looking for, they
will know the IP address, and with SNI, the hostname you're talking to.

Additionally, TLS-SRP (which I haven't yet seen in production
(semi-unfortunately)) will show your user ID in plain text as well.

Jim

On 05/06/2015 12:01 PM, kpneal at pobox.com wrote:
> On Thu, Apr 02, 2015 at 04:38:47PM -0600, jd1008 wrote:
>>
>>
>> On 04/02/2015 03:25 PM, RW wrote:
>>> On Thu, 02 Apr 2015 14:36:29 -0600
>>> jd1008 wrote:
>>>
>>>> https prevents intermediate hop points (such as your isp)
>>>> from looking at the page content, or at the terms of your
>>>> search. But that does not prevent them from seeing the url.
>>> Actually it does. The url is sent inside the encryption.
>>>
>> That is good to know. I had thought otherwise.
> 
> You may have been thinking of "shttp". It was unencrypted until it turned
> on the encryption at some point in the request.
> 
> I haven't heard anything about shttp since I left a job where the guy
> behind me was working on a web browser that supported it. That was 20 years
> ago.
> 
