On 06/12/16 15:15, Kim Holburn wrote:
https creates an encrypted connection with an IP address before any data is transmitted. In this case the only "metadata" as such is a connection between 2 IP addresses and a destination port number. Since there can be a number of virtual servers on one IP, it may not be enough data to identify the website you visited.
FWIW, HTTPS can support multiple virtual servers on a single IP address using a mechanism called SNI (server name indication), and in that mechanism the host name is sent unencrypted, meaning that it can be captured and recorded. Whether or not an ISP/provider is required to do that I have no idea.
https://security.stackexchange.com/questions/86723/why-do-https-requests-include-the-host-name-in-clear-text Hamish _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
