Firewall Wizards mailing list archives
Re: Firewall best practices
From: "miedaner" <miedaner () twcny rr com>
Date: Sat, 1 May 2010 13:39:54 -0400
From my memory banks...
In the early days of the Internet there were two competing proposals to allow secure transmission of data between two entities that did not know each other (no way to build trust, exchange encryption keys and params):

- HTTPS (aka SSL)
- SHTTP (aka Secure HTTP)

It is no coincidence that SSL was adopted given that Netscape was the primary web server in those days. At least that is what the ISP I was at used in the 1990s. I personally thought SHTTP was better, at least on paper.

SSL has been plagued with implementation problems for years. On top of the implementation problems comes the fact that the trust is only as good as the signing CA AND what is in your browser. Beyond that, a simple click by the users can totally topple the entire trust hierarchy - oh well. And don't forget that any virus can slide a CA certificate into your browser - I have written code that will slide a CA certificate into the browser CA store silently. Want to get scared? Look at the list of CAs, intermediate signers, etc. in your browser's certificate store.

No love for Verisign here, indeed I have questioned some of their practices. They seem to really like to make money.

That being said, SSL, for good or bad, helped facilitate E-Commerce for good or bad. It is ubiquitous today.

ajm

"With all due respect to Paul and Marcus, SSL is NOT crappy! Most bugs are implementation induced (openSSH or other less known) and the most known SSL strip vulnerability is not a problem of SSL but rather a user awareness issue, because if everyone paid attention to the 's' in https on their browser, that attack wouldn't be so troublesome."

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards