Theories of whether http strings are comms data....
Ben Laurie
ben at algroup.co.uk
Sun, 04 Jun 2000 12:52:07 +0100
Caspar Bowden wrote:
>
> There are two issues:
>
> A) whether 20.4 admits an interpretation which would allow an http string
> with embedded parameters, to be called comms data (as opposed to merely the
> website - or its IP address)
>
> B) if there is such an interpretation, whether it would be lawful for 21.3
> authorized persons to acquire this directly (say via GTAC) without serving
> Notice on an ISP
>
> I've tried to give a clearer explanation of the "communication" = "request
> to web-server" theory appended below, but there is an alternative (and much
> simpler) theory : just eliding...
>
> "any information which includes none of the contents of a communication and
> is about the use made by a person of a telecommunications service"
>
> An http string does not INCLUDE the contents of the thing that it refers to,
No, but it does contain the contents of a communication (namely the
request for the thing it refers to). To put it another way, if I ask you
a question, clearly it does not contain the answer, but that doesn't
mean it is without content.
OTOH, so-called "stateful inspection" by "layer 4" switches can turn
_any_ content into "communications data" (in particular, HTTP headers).
So, you've lost before you even start!
Of course, the correct answer is to protect all the content not needed
by routers with crypto, for example SSL or IPSEC.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
Coming to ApacheCon Europe 2000? http://apachecon.com/