Traffic Logging Suggestion

Juliusz Chroboczek Juliusz.Chroboczek at pps.jussieu.fr
Tue Aug 22 18:14:30 UTC 2006


> Or better yet, should there be a new international policy that all
> websites/ISPs should impose SSL? What would the effects be on traffic
> loads if this were to take place?

It would have the effect of making the web uncacheable by standard web
proxies.  Which would be a pity.

I think the point here is that ``HTTP basic'' (RFC 2617) authentication
over plain HTTP is hopelessly insecure.  As to ``HTTP digest'', my
feeling is that it can be implemented wrongly, and I'm not sure it can
be implemented to be secure.

I think the solution would be to make sure that your web browser never
uses HTTP authentication without also using SSL.  If anyone wrote a
firefox extension to make sure of that, he'd be doing us a favour.

                                        Juliusz




More information about the tor-talk mailing list