In message <CAHBU6itLXj1W2uGEFvMEemi5hBrYjmaeYq-8b0oJvzKdvCh34Q@mail.gmail.com> , Tim Bray writes: >How much information needs to be in the unprotected envelope? Because one >of the benefits of transport-level security is that a snooper, for example >a government tracking dissidents, knows little/nothing about my traffic >aside from the routing. Not a rhetorical question. -Tim And this is exactly about the routing. The three fields that today should be part of the envelope is "Host:", URI (Sans query part) and Session-Nonce. (Since we don't actually have a session-nonce, today people route on cookies.) And like all other message transfer systems from snail-mail and forward, the envelope need not give anything away, because what you put on it only have to get the message to the right place, it doesn't have to _be_ the message. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.Received on Friday, 13 July 2012 17:59:35 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 13 July 2012 17:59:41 GMT