Is TLS secure enough to prevent eavesdropping carried out by an ISP?

0

I would like to "secure" my email, http servers and desktop client by connecting exclusively over TLS, be it email, in/out:80 or just regular "web surfing" traffic.

Will that prevent the ISP and potential men in the middle from spying on the traffic?

Quamchatka

Posted 2012-05-31T17:17:57.780

Reputation: 1

Answers

1

It will stop them reading the content of the traffic, but they will know the destination from when the TCP connection is set up; the IP address of the recipient cannot be encrypted when the connection is created, otherwise the ISP's routers wouldn't know where to send the traffic. The content will be secured though.

If you want an extra layer of protection and you're really paranoid, look into Tor, which will allow all traffic and its destination and source to be obscured.

jackweirdy

Posted 2012-05-31T17:17:57.780

Reputation: 754

0

The previous answer is right as far as ISPs are concerned, but if you replace "ISP" with "employer", the answer is emphatically NO, assuming that your employer has administrative or physical access to your machine (especially if it's a Windows box on a domain). In that case, your employer can add new CA certs to your browser without your knowledge. This enables a Man-in-the-Middle attack on TLS by TLS/SSL interceptors (such as those made by companies like Bluecoat). These interceptors decrypt your TLS/SSL traffic on the way out of and into the company.

Fran

Posted 2012-05-31T17:17:57.780

Reputation: 4 774

I would add that using Tor is a great idea, and can defeat TLS/SSL interceptors. – Fran – 2012-06-02T18:49:06.467
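
A defender's check for the interception described in the last answer, as an added example that is not part of the original thread: an interceptor that re-signs traffic under its own CA presents a different leaf certificate than the real server does, so comparing the certificate's SHA-256 fingerprint with one recorded on a trusted network exposes it. The function names and the pin list are assumptions made for this example, and a mismatch can also mean legitimate certificate rotation or a CDN serving several certificates.

```python
import hashlib
import hmac
import socket
import ssl


def normalize_fingerprint(text):
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex; return lowercase hex."""
    cleaned = text.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 fingerprint: %r" % text)
    return cleaned


def leaf_fingerprint(der_bytes):
    """SHA-256 over the DER-encoded leaf certificate."""
    return hashlib.sha256(der_bytes).hexdigest()


def matches_pin(der_bytes, pins):
    """True if the presented certificate matches any recorded pin."""
    observed = leaf_fingerprint(der_bytes)
    return any(hmac.compare_digest(observed, normalize_fingerprint(p)) for p in pins)


def fetch_leaf_der(host, port=443, timeout=5.0):
    """Return the DER certificate the peer presents on this network path.

    Uses the default trust store, so on a machine with an injected CA the
    handshake succeeds and the interceptor's re-signed certificate comes back.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_host(host, pins):
    """Compare the live certificate with pins recorded on a trusted network."""
    return "match" if matches_pin(fetch_leaf_der(host), pins) else "MISMATCH"


if __name__ == "__main__":
    # Constructed stand-ins for DER bytes; real input comes from fetch_leaf_der().
    genuine, resigned = b"constructed-genuine-leaf", b"constructed-resigned-leaf"
    pins = [leaf_fingerprint(genuine)]
    print(matches_pin(genuine, pins), matches_pin(resigned, pins))
```

Record the pins from a network you trust (for example a home connection), then run `check_host` from the network you suspect.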