undefined | Better HN

0 pointsjacquesm11y ago0 comments

https would stop injection just the same and is just http-over-ssl/tls. You could also simply sign the the content (but that would still allow wire-tapping).

Both still leave the original text based protocol and would stop ISP header injection.

Another defense against such trickery would be a legal one: make it illegal to tamper with data sent between two peers on the internet.

Imagine the postal service opening your mail and changing a couple of words in your mail just because they could.

0 comments

3 comments · 1 top-level

haberman11y ago· 2 in thread

> Both still leave the original text based protocol and would stop ISP header injection.

SSL is not a text-based protocol.

jacquesmOP11y ago

Neither is TCP, but that's just a wrapper.

Inside the SSL/TLS wrapper it is still just HTTP.

It's no longer 'in the clear' but it is still very much a text based protocol.

haberman11y ago

And HTTP2 is essentially just a multiplexed wrapper around HTTP1-like semantics, AFAICS.

I'm not an HTTP2 expert, but I would bet that WireShark can make an HTTP2 session look basically the same as a bunch of HTTP1 requests. It's the same "wrapper" concept except it adds multiplexing.

1 more reply

j / k navigate · click thread line to collapse