https - hopefully not too stupid a question

Roland Perry lists at internetpolicyagency.com
Sun Jun 17 16:26:36 BST 2012


In article <E1SgGcO-00035E-OR at skipnote.org>, Chris Edwards 
<chris-ukcrypto at lists.skipnote.org> writes
>> In article <4FDDE873.8020906 at zen.co.uk>, Peter Fairbrother
>> <zenadsl6186 at zen.co.uk> writes
>> >
>> > The URL is (or should be) encrypted if there is an "s" in the http(s) part.
>>
>> So all the connectivity ISP knows is the IP address of the https server, which
>> is back to the situation under RIPA 21(6).
>
>Modern browsers send the hostname (i.e. up to the first single slash)
>in the clear, in order to facilitate name-based virtual hosting
>for https.  See:
>
> http://en.wikipedia.org/wiki/Server_Name_Indication
>
>Often, this is not hugely different from simply knowing the IP address of
>the server.  But in some cases, knowing the service name may make it
>slightly easier to know what's being accessed.

Thank you, that makes a lot of sense. I had a gut feeling that sending 
an entirely encrypted URL off to an IP address might make it difficult 
to digest, but this explanation clarifies the situation. (Which is 
exactly the spirit of 21(6), as it happens).
-- 
Roland Perry


