I need to take that back.  It looks like modern implementations of HTTPS send normal HTTP (headers, body and all) over an encrypted connection and this *would* protect the requested URLs.  The only thing a man-in-the-middle would know is that a connection has been made and possibly how many bytes of encrypted data had been sent/received.

It looks like I need to send an email to my Internet Programming professor.  ;) 

-Aaron

On Mon, Oct 3, 2011 at 3:44 PM, Steven Walling <swalling@wikimedia.org> wrote:
On Mon, Oct 3, 2011 at 3:13 PM, Aaron Halfaker <aaron.halfaker@gmail.com> wrote:

HTTPS doesn't hide the URL of the pages you visit.  Instead it hides the content of the page you requested (public) and the content you sent (public if it was an edit). 

-Aaron

This is a good point, especially because I meant to send it to Communications Committee list, not RCOM. Too many committees in my contact list. ;)  


--
Steven Walling
Community Organizer at Wikimedia Foundation


_______________________________________________
RCom-l mailing list
RCom-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/rcom-l