VPN's ?.

Page may contain affiliate links. Please see terms for details.
Tin Pot

Tin Pot

Guru
That’s TMN to me twice now
 
Tim Hall

Tim Hall

Guest
Location
Crawley
Tin Pot said:
TLAs not abbreviations :smile:

Domain Name Service
Internet Protocol
Universal Resource Location
Transport Control Protocol
Secure Sockets Layer
HyperText Transfer Protocol

Any errors, I blame intellitext/autocorrect.

Oh and Three Letter Acronym. ;)
Click to expand...
Some (me included) would say they're not acronyms as the initials don't make a word. Scuba is an acronym, as is NATO. DNS isn't a word, so isn't an acronym .
 
Ming the Merciless

Ming the Merciless

There is no mercy
Location
Inside my skull
Tin Pot said:
SSL is point to point, not end to end, but it does make confidential the content of your interactions with a website from your ISP.
Click to expand...

One end iis your computer (the client) the other end is the website (the server). There are many points between the client and server, including isp servers, Internet backbone servers, routers, switches , etc etc. But the connection is fully encrypted from one end (the client) to the other end (the server). It certainly does not go from point to point being decrypted then re-encrypted. It is end to end between client and server.
 
Tin Pot

Tin Pot

Guru
YukonBoy said:
Well for a title that is VPN's ?. Seems a perfect fit.
Click to expand...

In fact it is this TLA that holds its own clue, if I may take some license...Virtual Private Network - virtual, not actual private network.

VPNs can be secure enough to carry even the most sensitive transmissions, if properly administered, but they are not the same thing as actual private networks - physically separated, not logically segregated, end to end.

(He says, retreating from grammar to infosec as rapidly as is polite)
 
Tin Pot

Tin Pot

Guru
YukonBoy said:
One end iis your computer (the client) the other end is the website (the server). There are many points between the client and server, including isp servers, Internet backbone servers, routers, switches , etc etc. But the connection is fully encrypted from one end (the client) to the other end (the server). It certainly does not go from point to point being decrypted then re-encrypted. It is end to end between client and server.
Click to expand...

You’re thinking too simply, transactionally, client-server. Browsing is more complex than that. A single html page on a single physical server serving nothing but resources in its own domain, accessed directly is a rare these days. It’s useful hypothetically, but in reality you can forget it.

I’m not saying you’re wrong, it’s a clear technical explanation.

Anyhoo, kids are in bed I can relax now, work tomorrow ;)
 
Ming the Merciless

Ming the Merciless

There is no mercy
Location
Inside my skull
Tin Pot said:
You’re thinking too simply, transactionally, client-server. Browsing is more complex than that. A single html page on a single physical server serving nothing but resources in its own domain, accessed directly is a rare these days. It’s useful hypothetically, but in reality you can forget it.

I’m not saying you’re wrong, it’s a clear technical explanation.

Anyhoo, kids are in bed I can relax now, work tomorrow ;)
Click to expand...

LOL I was mot thinking that simply. Just keeping my descriptions relevant to the context described. If you have an uninterrupted encrypted connection between two parties than you can consider it end to end. How the data is treated internally by one of the two parties does affect that status, nor does a web page requiring resources from other domains impact that. The latter will in fact generate an entirely different connection from the browser to the other domain.
 
Tin Pot

Tin Pot

Guru
YukonBoy said:
LOL I was mot thinking that simply. Just keeping my descriptions relevant to the context described. If you have an uninterrupted encrypted connection between two parties than you can consider it end to end. How the data is treated internally by one of the two parties does affect that status, nor does a web page requiring resources from other domains impact that. The latter will in fact generate an entirely different connection from the browser to the other domain.
Click to expand...
In fact it does matter, because it is not necessarily internal, no it won’t generate a different connection if it’s masked in an api feed or iframe, and you’re describing point to point, not end to end.

But it’s bedtime! Let’s save it.
 
r04DiE

r04DiE

300km a week through London on a road bike.
Tin Pot said:
As always, I will just put a few principles out there:

What makes you think any of these companies offer privacy, confidentiality or secrecy?

What activity do you want to hide, that you want these companies to know?

Even Cisco.
Click to expand...
Well, you can read their privacy policy - that's the best way to see what logs they may keep. As for hiding, I don't agree with that term. People want privacy, they deserve privacy and it is the unlawful and immoral big businesses that are plundering the privacy of many and therefore necessitating the use of VPNs and the like.
 
Ming the Merciless

Ming the Merciless

There is no mercy
Location
Inside my skull
Tin Pot said:
In fact it does matter, because it is not necessarily internal, no it won’t generate a different connection if it’s masked in an api feed or iframe, and you’re describing point to point, not end to end.

But it’s bedtime! Let’s save it.
Click to expand...

Let's say a webpage on domain A contains an iframe pointing to domain B. Then the browser will resolve the domain B hostname to an IP address. Then it will establish a new TCP connection to that IP address. Then retrieve the resources necessary to render the contents of that iframe. It does not retrieve those resources through the connection to domain A's servers,

Take the API. I take it you are referring to an API served from domain A that consumes an API from domain B in the background. Well of course there is no end to end encryption between the client (user) and Domain B, but then there is no connection or relation or relationship between the client and domain B anyway. The relation there is between domain A and domain B servers. With domain A acting as client of domain B servers in that instance.

We can of course come up with scenarios where an end to end encrypted connection does not exist between two parties. But that is not necessarily a property of the encryption used. SSL can act as end to end encryption where it terminates at the servers of the two parties involved.
 
Tin Pot

Tin Pot

Guru
YukonBoy said:
SSL can act as end to end encryption where it terminates at the servers of the two parties involved.
Click to expand...

Yes, it can. But as the client, you are unable to determine if it is.

You'll either have to take it from me, or I can agree to disagree, that those scenarios are a breach of security domains.
 
You must log in or register to reply here.
Top Bottom