I need to take that back. It looks like modern implementations of HTTPS send normal HTTP (headers, body and all) over an encrypted connection and this *would* protect the requested URLs. The only thing a man-in-the-middle would know is that a connection has been made and possibly how many bytes of encrypted data had been sent/received.
On Mon, Oct 3, 2011 at 3:13 PM, Aaron Halfaker <aaron.halfaker@gmail.com> wrote:This is a good point, especially because I meant to send it to Communications Committee list, not RCOM. Too many committees in my contact list. ;)
HTTPS doesn't hide the URL of the pages you visit. Instead it hides the content of the page you requested (public) and the content you sent (public if it was an edit).
-Aaron
_______________________________________________
RCom-l mailing list
RCom-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/rcom-l