BAD NEWS :( Government amendments reinforce Big Browser
David Hopwood
hopwood at zetnet.co.uk
Fri, 09 Jun 2000 03:51:15 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Jeremy Stein wrote:
>
> >The amendement to S.2 below seems absolutely to clarify that comms data
> >INCLUDES signals for the actuation of apparatus, i.e the full http string,
> >and therefore that conduct in relation to it DOES NOT constitute
> >interception - therefore no warrant is required.
> >
> >Therefore Big Browser is very much alive folks...
>
> Are http requests encrypted during an SSL session, or is it only the actual
> data that is encrypted?
Requests are encrypted.
> If the former, would this mean that if an anonymous web browsing proxy
> equipped with SSL was used, the only information that could be gathered by
> interception would be that you were connected to that particular proxy?
By observing the timing and packet sizes of inputs and outputs, I believe
that someone intercepting all of the proxy traffic could make pretty good,
almost always correct guesses about which client session is connected to
which web site.
- --
David Hopwood <hopwood@zetnet.co.uk>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBOUBbUTkCAxeYt5gVAQEjpggAn3wopES33g3o+EsD4DZO/6ePpjLCZuja
DvwXNvj86YfkDC06TVCbPZXA1xPcHE32x0JO+OPHxDYxMuHqmpvndwWhNO3N19+H
Hw4uJj1Bje/Tdd7GWeGVUfHUS7NoFhBpR7FB3USlSbcmbebAVoc6NaWnwqCfQ8mH
2R0VT4vkphk2C7Y1X+kK2fPvM/psscCapyVfq+2shnsEE6E2vPbNfetuYV+8H2qE
sBL1y3ytUxA6zigFdtq4e/aH/mafLCvzv7XIN1NTA+wr0OTYVkseFVEk/sjELBkQ
NPrynCNI2zEjk94Qd0+umd/X3FWZov1vdVUbQ+scgS4vwBqvBPTvsA==
=cGuG
-----END PGP SIGNATURE-----