W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Mandatory encryption

From: Willy Tarreau <w@1wt.eu>
Date: Thu, 19 Jul 2012 12:02:28 +0200
To: Anil Sharma <asharma@sandvine.com>
Cc: Roberto Peon <grmocg@gmail.com>, Paul Hoffman <paul.hoffman@gmail.com>, Phillip Hallam-Baker <hallam@gmail.com>, "grahame@healthintersections.com.au" <grahame@healthintersections.com.au>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, Mike Belshe <mike@belshe.com>
Message-ID: <20120719100228.GG16208@1wt.eu>
On Thu, Jul 19, 2012 at 09:55:54AM +0000, Anil Sharma wrote:
> " in HTTP they always force safesearch to on in outgoing
> requests so that they rely on google's ability to filter out unsuitable
> contents. In HTTPS they obviously can't do this so google images then
> becomes a single-handed browsing tool."
> Didn't understand this point? From compute server point of view (which is providing you search results) it shouldn't matter whether transport used was secure or not?
> Did I miss something?

When the request is sent in clear text, the proxy modifies it to force
"safesearch=on" in the requests so that Google refrains from returning
unsuitable contents. In https, it obviously cannot force that on the
users' request so the user has complete access to the whole internet
cached in "google images". There are places where this type of access
is not accepted at all so google is not in the SSL whitelist.

Received on Thursday, 19 July 2012 10:02:55 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:04 UTC