On Wed, 2011-03-09 at 01:30 -0800, erikmccaskey64 wrote: > But: with wireshark i can see some "OCSP" packets > [ http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol ] > > Question: What are these packets? Why aren't there in HTTPS? The page you referenced explains them. They're part of the verification process: HTTPS checks the certificate, and there's also another check to see if the certificate has been revoked. It's two processes, the certificate is stored on the website's server, the revocation (if there is one) comes from another place. Is your question why aren't they looked for with a HTTP accessed site? They'll be used with a HTTPS transaction, but won't be part of a HTTP one (insecure HTTP doesn't do any security tests). Or, do you mean why isn't the OCSP traffic, itself, done using HTTPS? Good question. > Is my redirection method with privoxy is secure? The basic premise seems okay, but such things fail when you hit parts of a site that are only accessible using HTTP. Then there's - securely accessing a site that behaves in an insecure manner, in itself, isn't much of an advantage. What are you trying to secure against? Man in the middle snooping? Are you using your home ISP, some internet cafe? -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
