On Sat, 13 Mar 2010, Adam Thompson wrote:

> Chris Travers wrote:
>> On Sat, Mar 13, 2010 at 5:21 PM, Luke<account...@lists.tacticus.com> wrote:
>>> I am assuming SSL. Correct me if I am wrong, but my recollection is that
>>> the query string (I.E. get) is in the clear with SSL, whereas post data is
>>> not.
>>> Do I have a fundamental misunderstanding or massive brain fart here?
>>
>> The SSL negotiation occurs as part of the socket establishment (hence
>> the name). This is why you can't supply different certificates based
>> on, say, the HOST header. SSL protects the whole socket, not just the
>> payload.
>
> Translation: yes, you have a fundamental misunderstanding. The second
> most common one, in my experience, so I won't accuse you of a "massive
> brain fart", as amusing as that might be :-).
>
> Since understanding of how SSL works is still quite rare in practice,
> and *many* people arrive at erroneous conclusions based on incorrect or
> incomplete knowledge, I'd like to expand a bit on Chris' statements:

Very nice explanation. If, at some point in the last [disturbingly large number of years building SSH and VPN tunnels of various kinds] I had stopped for a bit to consider the name in depth, I might have got there. I certainly should have, and I'm going to tell myself that I would have, if I had only taken the time to really think about it. Yeah, that's the ticket.

That fine writeup goes into my "useful stuff to keep around and forward" file.

Luke

_______________________________________________
Ledger-smb-devel mailing list
Ledger-smb-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel