dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
65

rchandra
Stargate Universe fan
Premium Member
join:2000-11-09
14225-2105
ARRIS ONT1000GJ4
EnGenius EAP1250

rchandra

Premium Member

encrypt, encrypt, encrypt

HTTPS Everywhere.

If they are to hold to their policy, how is it they're supposed to know what streaming is, or "Web surfing?" The first thing that happens during HTTPS is an encryption handshake. After that, arbitrary content is passed back and forth, which could be pipelined requests (thus the connection is not torn down). So unless they have the server's private key (to do even deeper packet inspection) or they're going to make their surfing/streaming/other classification based on IP address, they're system is quite flawed. Unless some other metric would be used, such as connection duration, I could just set up a Linode with OpenVPN (or whatever) listening on TCP port 443, and they SHOULD be none the wiser. I mean, it's just stupid silly.
silbaco
Premium Member
join:2009-08-03
USA

silbaco

Premium Member

They actually mention that they prohibit the use of VPNs on this plan.

rchandra
Stargate Universe fan
Premium Member
join:2000-11-09
14225-2105
ARRIS ONT1000GJ4
EnGenius EAP1250

rchandra

Premium Member

...and how exactly are they supposed to tell the difference with an SSL or TLS VPN run on TCP port 443? From outside the tunnel, that's going to look like pipelined HTTPS Web surfing. It's folly. For good measure, It's certainly possible the "far" endpoint could even have an HTTP server which must have a specific HTTP request sent to it to complete the tunnel handshake, should they choose to make some sort of test connection. ViaSat wouldn't know what the contents of that HTTP request needs to be because, again, the first thing which happens is the SSL or TLS handshake, and then inside that would be any HTTP request or VPN. What ViaSat sees is in essence digital noise, unless somehow they manage to gain access to the private key. They're essentially running on the honor system to say "VPNs are off."
Spice300
Premium Member
join:2006-01-10

Spice300 to rchandra

Premium Member

to rchandra
Secure HTTP will count against the 5 GB/month limit for precisely the reason you mention: Exede will not be able to distinguish one packet from another.