Firewall Wizards mailing list archives
Re: Application Proxy/L7 Firewall Recommendation?
From: Adam Shostack <adam () homeport org>
Date: Fri, 6 Sep 2002 09:28:00 -0400
On Fri, Sep 06, 2002 at 01:28:41AM -0400, Carson Gaspar wrote: | | - The proxy must be a CA able to automatically sign certificates (or must | be able to request certificates from another system) | - The generated cert is then used to initiate a TLS session with the client | | There are some technical issues with this: | - Cert generation is computationally expensive. This is mitigated by | caching the certs. Actually, key generation is expensive, cert generation is relatively cheap. (Or so I expect. Even all that x.509 cruftage should take less time than finding a set of primes.) I pick this nit because it should be possible to generate one key (or one key daily) and just sign that with new and appropriate certified information surrounding it, speeding up the process dramatically. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Application Proxy/L7 Firewall Recommendation? Jeff Newton (Sep 05)
- Re: Application Proxy/L7 Firewall Recommendation? Balazs Scheidler (Sep 05)
- Re: Application Proxy/L7 Firewall Recommendation? John Adams (Sep 05)
- Re: Application Proxy/L7 Firewall Recommendation? Carson Gaspar (Sep 06)
- Re: Application Proxy/L7 Firewall Recommendation? Adam Shostack (Sep 06)
- Re: Application Proxy/L7 Firewall Recommendation? Carson Gaspar (Sep 06)
- Re: Application Proxy/L7 Firewall Recommendation? John Adams (Sep 05)
- Re: Application Proxy/L7 Firewall Recommendation? Balazs Scheidler (Sep 06)
- Re: Application Proxy/L7 Firewall Recommendation? Balazs Scheidler (Sep 05)
- Re: Application Proxy/L7 Firewall Recommendation? Carson Gaspar (Sep 05)
- <Possible follow-ups>
- RE: Application Proxy/L7 Firewall Recommendation? Dawes, Rogan (ZA - Johannesburg) (Sep 05)
- RE: Application Proxy/L7 Firewall Recommendation? Noonan, Wesley (Sep 06)
- RE: Application Proxy/L7 Firewall Recommendation? ark (Sep 09)
- RE: Application Proxy/L7 Firewall Recommendation? Paul D. Robertson (Sep 09)
- Re: Application Proxy/L7 Firewall Recommendation? ark (Sep 09)
- RE: Application Proxy/L7 Firewall Recommendation? Paul D. Robertson (Sep 09)
- RE: Application Proxy/L7 Firewall Recommendation? Noonan, Wesley (Sep 09)
- RE: Application Proxy/L7 Firewall Recommendation? kaptain (Sep 09)