On Wed, Mar 9, 2011 at 9:27 AM, Joachim Schipper
<joac...@joachimschipper.nl> wrote:
> On Wed, Mar 09, 2011 at 01:30:39AM -0800, erikmccaskey64 wrote:
>> I use privoxy. In the user.action file I have a redirect rule and a few websites:
>>
>>
>> { +redirect{s@http://@https://@} }
>> .twitter.com
>> .facebook.com
>>
>>
>> Ok! It's working great, e.g.: if I visit any "*twitter.com" URL it gets redirected to HTTPS!
>>
>>
>> But: with wireshark I can see some "OCSP" packets [ http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol ]
>>
>>
>> Question: What are these packets? Why aren't they in HTTPS?
>>
>>
>> Is my redirection method with privoxy secure?
>
> The keys to legitimate certificates may fall in the hands of bad guys
> (e.g. when they hack an HTTPS server). This would allow the bad guys to
> redirect your HTTPS connections to their own machines without you seeing
> any warnings until the stolen certificates are no longer valid (which
> should allow them something like a year to steal your credit card).
>
> In order to prevent this, your computer asks a special server whether
> the certificate has been revoked. This is done over the OCSP protocol
> (there are other solutions); the connection is not encrypted, but the
> OCSP server's responses are digitally signed.
>
> So yes, your setup seems to work just fine (or as well as SSL does in
> the first place). The "HTTPS Everywhere" Firefox extension would be a
> less hacky solution, though.

I'm curious as to why you say that. AFAIK, HTTPS Everywhere also
works by rewriting the URI, just like privoxy or squid would, while
not being limited to one browser, not being unable to log actions, not
being unable to scale for a whole site instead of a single system,
etc.

>
> Joachim
>
> --
> PotD: biology/bioperl - perl tools for bioinformatics
> http://www.joachimschipper.nl/
