Firewall Wizards mailing list archives

Re: Security of HTTPS


From: David Lang <david.lang () digitalinsight com>
Date: Sat, 25 Dec 2004 00:10:16 -0800 (PST)

Sorry for the late reply, catching up on my mail.

On Wed, 1 Dec 2004, Kevin wrote:

> Getting back on the topic of firewalls, I wonder if it would be
> possible for a firewall not doing MITM for SSL to validate the
> certificate presented by the remote server, and terminate the
> attempted SSL session if the certificate does not match the remote
> host, is not signed by an acceptable CA or has been revoked?

The problem is that the firewall doesn't know what the client is expecting to see in the cert. It could check to see if the cert was signed by a known organization, but not if the identity of the host matches the identity stipulated in the cert.

David Lang


--
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no 
deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
 -- C.A.R. Hoare
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
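An added example, not from the thread or its authors, showing the two checks David's reply separates: a passive (non-MITM) firewall can verify that a server certificate was issued by a CA on its own trust list, but the hostname check needs the name the client intended to reach, which only the client knows. Written in Go with the standard library; the CA, the hostname shop.example and all certificates are constructed inline for the demo.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// makeCert builds a constructed certificate for the demo; parent == nil means
// self-signed, which is how the trusted CA itself is made.
func makeCert(cn string, dnsNames []string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              dnsNames, // the names a hostname check matches against
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	signer, signerKey := tmpl, key // self-signed by default
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// IssuedByTrustedCA is the check a passive firewall can do from the wire alone:
// is the presented cert signed by a CA on the firewall's own trust list?
func IssuedByTrustedCA(leaf *x509.Certificate, trusted []*x509.Certificate) bool {
	for _, ca := range trusted {
		if leaf.CheckSignatureFrom(ca) == nil {
			return true
		}
	}
	return false
}

// MatchesExpectedHost is the check the firewall cannot do on its own: the
// expected name is known only to the client, which chose the host to reach.
func MatchesExpectedHost(leaf *x509.Certificate, expected string) bool {
	return leaf.VerifyHostname(expected) == nil
}
```

A validly issued certificate for shop.example passes the first check and still fails the second when the client meant bank.example, which is exactly the gap the reply describes. One later caveat: the TLS SNI extension does place the client's requested name in the ClientHello, so a device that parses it can obtain the expected host, though nothing obliges a client to send SNI.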

