- From: Willy Tarreau <w@1wt.eu>
- Date: Sat, 14 Jul 2012 07:52:50 +0200
- To: Tim Bray <tbray@textuality.com>
- Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, James M Snell <jasnell@gmail.com>, Phillip Hallam-Baker <hallam@gmail.com>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
On Fri, Jul 13, 2012 at 08:21:03PM -0700, Tim Bray wrote:
> On Fri, Jul 13, 2012 at 11:21 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>
> > TLS communication today already has an envelope consisting of
> > IP# + TCP port numbers, and unless your adversary is totally
> > incompetent, he also has the DNS lookup that gave you that IP#.
> >
> > QED: Putting the "Host:" in the HTTP envelope does not leak any
> > information your adversary doesn't already have or can guess.
>
> That's just not true. There are lots of ways to get to a particular origin
> server, and I would think that for a malicious person in the middle, the
> Host header would be more interesting than the ostensible IP address. On
> the other hand, I do understand why a payload-oblivious load balancer would
> need to see that header. It is simply the case that we have two objectives
> which are apparently in conflict. No, I don't have a solution (or even a
> strong opinion, yet, although I'm inclined to err on the side of protecting
> user privacy at the expense of almost all else). -Tim

Well, TLS offers SNI which also reveals the Host header in clear text, so your extreme view of privacy doesn't seem to be shared as much with even these guys.

Also, building a protocol fortress that prevents anyone from implementing it in real life is an effective way of protecting user privacy since the user won't have access to anything and thus won't reveal his intents. Maybe some people would even consider that revealing they have access to the internet affects their privacy so they need an invisible connection...

At one point a limit must be set, otherwise it becomes total nonsense. Host and IP are reasonably interchangeable, are used for routing the protocol to its destination, and if someone doesn't want to show what host he's going to, he'd better leave the net. And if even the TLS guys accept this, then I think this is a much acceptable limit.

Regards,
Willy
Received on Saturday, 14 July 2012 05:53:15 UTC