tor 2006-04-13 klockan 12:09 +0200 skrev Mark Elsen:
> - Inspecting HTTPS is an ever increasing issue, in today's internet, because
> viruses e.d. can't be seen in encrypted streams.
> Bluecoat proxies offer this possibility too, as a man-in-the-middle decrypter
> and encrypter.
>
> My bank , however, provides me with a ssl based key, with strong
> encryption, for accessing it's web-banking application.
Such applications obviously won't work via decrypting https proxies and
must be excluded once approved for unfiltered use.. The use of client
certificates requires end-to-end SSL even if the client trusts the
man-in-the-middle. Or at lest I think this is the case even if I haven't
really verified this cryptographically, but if it wasn't then SSL client
certificate identification would be seriously flawed..
> Even without, I'd be wary, see-ing Hendrik with pina-colada in the
> Bahama's on what was eventually, my now, empty bank account ... :-) :-)
That's an interesting idea :-)
And is why you shouldn't accept a untrusted certificate for a trusted
site..
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Mon May 01 2006 - 12:00:02 MDT