On Sep 27, 2011, at 4:55 PM, Jimmy Hess wrote:

> On Tue, Sep 27, 2011 at 6:09 PM, Owen DeLong <o...@delong.com> wrote:
>> On Sep 27, 2011, at 3:46 PM, Jimmy Hess wrote:
>>
>> No, it isn't because it requires you to send the domain portion of the URL
>> in clear text and it may be that you don't necessarily want to disclose even
>> that much information about your browsing to the public.
>
> That's OK. You're kind of mincing security objectives here.
> In regards to preventing tactics such as domain hijacking by service
> providers, the goal behind this would be integrity, not confidentiality.
>
> The objective of using SSL is not to strongly encrypt data to keep it
> secret, it's to apply whatever is necessary to provide a level of
> integrity assurance.
>
> The SSL cipher can almost be the null cipher, for all it matters,
> but at least RC4 56-bit or so would be needed, because
> the null cipher doesn't have message digests in TLS.
>
> --
> -JH

As has been pointed out... SSL certs do almost nothing for integrity.

Owen