BAD NEWS :( Government amendments reinforce Big Browser
Philip Rowlands
phr at doc.ic.ac.uk
Wed, 07 Jun 2000 21:38:07 +0100
Jeremy Stein wrote:
>
> Are http requests encrypted during an SSL session, or is it only the actual
> data that is encrypted? If the former, would this mean that if an
> anonymous web browsing proxy equipped with SSL was used, the only
> information that could be gathered by interception would be that you were
> connected to that particular proxy?
As far as I know, the whole thing is encrypted. All you'd see by
watching the wire would be what I would call comms data; source address,
destination address, time of communication, possibly size of
communication.
I can't accept that once the end-to-end connection is made, that what is
said on that channel is "communications data". It is content, pure and
simple - if you need further persuading, consider CGI GET requests,
which are chock full of content.
Phil