

1.3% of web pages altered in transit - procrastitron
http://arstechnica.com/news.ars/post/20080416-research-1-3-percent-of-web-pages-altered-in-transit.html

======
procrastitron
I appreciate the use of the tripwires for detecting the modifications, but the
article also suggests using them to fight the practice. This is basically a
man-in-the-middle attack, so wouldn't using secure http prove a better
solution than tripwires? Anyone know why you would prefer to use the
tripwires?

~~~
gaika
Latency and throughput of HTTPS is much much worse than pure HTTP, the
original paper has more details on this.

~~~
procrastitron
That actually really surprises me. Is this just a limitation of the major
implementations, or is there something fundamental about the design that slows
it down? (I'm not familiar with the details of the protocol)

~~~
gaika
Protocol itself is ok, the problem is that it is tunneled inside TCP, so on
top of TCP SYN/ACKs you have HTTPs certificate exchange and then cypher
negotiation just to establish connection. Once established the cypher becomes
another slowdown.

~~~
aflag
Would it make things unbearable? I've accessed https websites and I didn't
even know they were slower up until now. Am I missing something?

------
TrevorJ
I posted a comment but then I read it and it was stupid. Obviously something
happened to it in transit.

