Firewall Wizards mailing list archives
Re: HTTPS, proxies, and remote developers.
From: simonis () att net
Date: Sun, 15 Jun 2003 17:44:57 +0000
What would be the easiest way to handle this situation? How would you resolve a policy issue if one of your clients requires that you use unencrypted traffic outbound from their network into yours? (Their need to know for traffic on their network against your need for security).
It seems to be that the client has an irrational desire. Why would anyone disagree with having a VPN between two networks whose interconnection crosses a public network? There are many ways they could maintain visibility on their network while still allowing encryption. For example, using a point to point VPN with a preshared secret. TCPDump can, with knowledge of the preshared key, decrypt that traffic for monitoring. There are numerous other, more complex, means for decrypting/inspecting/encrypting VPN traffic, if the need really exists, and I would use this angle to herd this customer into the proper corral.

-Ds

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards