https - hopefully not too stupid a question
Chris Edwards
chris-ukcrypto at lists.skipnote.org
Sun Jun 17 15:38:20 BST 2012
On Sun, 17 Jun 2012, Roland Perry wrote:
> In article <4FDDE873.8020906 at zen.co.uk>, Peter Fairbrother
> <zenadsl6186 at zen.co.uk> writes
> >
> > The URL is (or should be) encrypted if there is a "s" in the http(s) part.
>
> So all the connectivity ISP knows is the IP address of the https server, which
> is back to the situation under RIPA 21(6).
Modern browsers send the hostname (ie. upto first single slash)
in the clear, in order to facilities named-based virtual hosting
for https. See:
http://en.wikipedia.org/wiki/Server_Name_Indication
Often, this is not hugely different from simply knowing the IP address of
the server. But in some cases, knowing the service name may make it
slightly easier to know what's being accessed.
More information about the ukcrypto
mailing list