Traffic Logging Suggestion
Juliusz Chroboczek
Juliusz.Chroboczek at pps.jussieu.fr
Tue Aug 22 18:14:30 UTC 2006
> Or better yet, should there be a new international policy that all
> websites/ISPs should impose SSL? What would the effects be on traffic
> loads if this were to take place?
It would have the effect of making the web uncacheable by standard web
proxies. Which would be a pity.
I think the point here is that ``HTTP basic'' (RFC 2617) authentication
over plain HTTP is hopelessly insecure. As to ``HTTP digest'', my
feeling is that it can be implemented wrongly, and I'm not sure it can
be implemented to be secure.
I think the solution would be to make sure that your web browser never
uses HTTP authentication without also using SSL. If anyone wrote a
firefox extension to make sure of that, he'd be doing us a favour.
Juliusz
More information about the tor-talk
mailing list