[CentOS] https everywhere.
Gordon Messmer
gordon.messmer at gmail.com
Sun May 17 17:35:55 UTC 2015
On 05/16/2015 04:18 PM, Peter Lawler wrote:
> People monitoring your connection know what you've updated, and what you
> haven't, thus knowing what you may be vulnerable to, is a problem.
If I'm monitoring your https connection: I know the list of mirrors.
That's public information. I know when updates are released. That's
also public. I know when you last connected, so I can probably reason
what you haven't updated. If I track the amount of data you download, I
can probably tell if you skip an update, as well.
https doesn't improve your privacy in this application.
More information about the CentOS
mailing list