>> Also, to completely contradict that point, Facebook with https enabled still
>> uses a CDN, so the theory that https prevents CDNs from working is
>> apparently wrong anyway.
> I said "possibly" because I wasn't sure. Maybe somebody can explain how it
> works and how the associated trust model works?

The CDN has one TLS connection from the client to the CDN and another from the CDN to the server; it sees everything in plaintext. A CA signs the CDN's TLS server certificate so that it can still be accepted by browsers. Depending on the CA, different verifications of ownership may be made.

This does raise the issue that these CDNs, which may be managing many large services, would be a great place to tap the wires. Maybe we should be discouraging them?

Iain.

--
Iain R. Learmonth MBCS
Electronics Research Group
School of Engineering
University of Aberdeen
Kings College
Aberdeen
AB24 3UE
Tel: +44 1224 27 2799

The University of Aberdeen is a charity registered in Scotland No.SCO13683
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
