BAD NEWS :( Government amendments reinforce Big Browser
Ben Laurie
ben at algroup.co.uk
Sat, 10 Jun 2000 16:14:48 +0100
David Hopwood wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Jeremy Stein wrote:
> >
> > >The amendement to S.2 below seems absolutely to clarify that comms data
> > >INCLUDES signals for the actuation of apparatus, i.e the full http string,
> > >and therefore that conduct in relation to it DOES NOT constitute
> > >interception - therefore no warrant is required.
> > >
> > >Therefore Big Browser is very much alive folks...
> >
> > Are http requests encrypted during an SSL session, or is it only the actual
> > data that is encrypted?
>
> Requests are encrypted.
>
> > If the former, would this mean that if an anonymous web browsing proxy
> > equipped with SSL was used, the only information that could be gathered by
> > interception would be that you were connected to that particular proxy?
>
> By observing the timing and packet sizes of inputs and outputs, I believe
> that someone intercepting all of the proxy traffic could make pretty good,
> almost always correct guesses about which client session is connected to
> which web site.
This is what onion routing with cover traffic is for, of course.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
Coming to ApacheCon Europe 2000? http://apachecon.com/