- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Fri, 13 Jul 2012 17:59:12 +0000
- To: Tim Bray <tbray@textuality.com>
- cc: Phillip Hallam-Baker <hallam@gmail.com>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
In message <CAHBU6itLXj1W2uGEFvMEemi5hBrYjmaeYq-8b0oJvzKdvCh34Q@mail.gmail.com> , Tim Bray writes: >How much information needs to be in the unprotected envelope? Because one >of the benefits of transport-level security is that a snooper, for example >a government tracking dissidents, knows little/nothing about my traffic >aside from the routing. Not a rhetorical question. -Tim And this is exactly about the routing. The three fields that today should be part of the envelope is "Host:", URI (Sans query part) and Session-Nonce. (Since we don't actually have a session-nonce, today people route on cookies.) And like all other message transfer systems from snail-mail and forward, the envelope need not give anything away, because what you put on it only have to get the message to the right place, it doesn't have to _be_ the message. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Received on Friday, 13 July 2012 17:59:35 UTC