>
> I have been toying with the idea of making Squid a "man-in-the-middle"
> https proxy, decrypting the requests and encrypting them again in a new
> SSL session. But haven't found sufficient motivation to implement this
> yet..
>
> This obviously pretty much nullifies the end-to-end security of SSL
> transactions as they have to fully trust the proxy as a CA, but there
> are many environments where this isn't an issue and it's more important
> to be able to filter and inspect the https traffic.
>
>
- Inspecting HTTPS is an ever-increasing issue in today's internet, because
viruses and the like can't be seen in encrypted streams.
Bluecoat proxies offer this possibility too, as a man-in-the-middle decrypter
and encrypter.
My bank, however, provides me with an SSL-based key, with strong
encryption, for accessing its web-banking application.
I'd be very wary, however, of letting this happen via in-between
decrypting-encrypting SSL proxies; let alone that in this case this won't be
possible, because the remote CA will want to see my certificate and none other.
Even without, I'd be wary, seeing Hendrik with pina-colada in the
Bahamas on what was eventually my now empty bank account ... :-) :-)
M.
Received on Thu Apr 13 2006 - 04:09:55 MDT