Wan-Teh Chang wrote on 7/23/2009 9:29 PM: > On Thu, Jul 23, 2009 at 7:10 PM, Bil Corry<b...@corry.biz> wrote: >> Can someone explain the security concerns with DNS prefetching from a HTTPS >> site? > > The concern is privacy. Prefetching DNS for host names referenced > in an HTTPS page leaks some info contained in that page.
Thanks for the response. Who is the data being leaked to? The DNS provider? The advisory sniffing packets off a public hotspot? And what information is being leaked? The hostname(s) that are referenced on the HTTPS page? I'm just trying to understand the complete risk involved. - Bil _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
