Re: Revised LINK -07 now online

From: Phil Karn (karn@ka9q.net)
Date: Wed Nov 21 2001 - 18:53:46 EST


I'll go even further and respond to Dan's question earlier about the
prevalence of end-to-end encryption on the web. I'd say I've *never*
wanted or needed to protect the confidentiality of something I've sent or
received on the web but have been unable to use SSL to do so.

My bank, my broker and my home web server all support SSL, as do all
the various commerce sites from which I have bought products or
services with my credit cards. I'd say SSL is quite a success story.

But that's an entirely different issue from being able to hide which
publicly-accessible web sites I surf to. That problem remains largely
unsolved. Even end-to-end SSL wouldn't solve it if the URLs are
substantially the same to everyone and SSL merely encrypts the
contents of public web pages that anyone else can also fetch.

I've experimented with surfing over an SSH tunnel to a public caching
proxy, but that's still vulnerable to traffic analysis that correlates
the plaintext going into the proxy with the encrypted traffic going
back out to me. It's hard.

Phil



This archive was generated by hypermail 2b29 : Mon Jan 28 2002 - 09:12:29 EST