https - hopefully not too stupid a question

Roland Perry lists at
Sun Jun 17 16:26:36 BST 2012

In article <E1SgGcO-00035E-OR at>, Chris Edwards 
<chris-ukcrypto at> writes
>> In article <4FDDE873.8020906 at>, Peter Fairbrother
>> <zenadsl6186 at> writes
>> >
>> > The URL is (or should be) encrypted if there is a "s" in the http(s) part.
>> So all the connectivity ISP knows is the IP address of the https server, which
>> is back to the situation under RIPA 21(6).
>Modern browsers send the hostname (ie. upto first single slash)
>in the clear, in order to facilities named-based virtual hosting
>for https.  See:
>Often, this is not hugely different from simply knowing the IP address of
>the server.  But in some cases, knowing the service name may make it
>slightly easier to know what's being accessed.

Thank you, that makes a lot of sense. I had a gut feeling that sending 
an entirely encrypted url off to an IP address might make it difficult 
to digest, but this explanation clarifies the situation. (Which is 
exactly the spirit of 21(6), as it happens).
Roland Perry

More information about the ukcrypto mailing list