Firewall Wizards mailing list archives
Integrating firewall into crypto infrastructure?
From: ark () eltex ru
Date: Fri, 16 Aug 2002 05:28:50 +0400 (MSD)
nuqneH,

(SSL this time. dealing with IPSEC is obvious, doing kerberos is damn tricky and i have no time for it)

I am going to SSLify proxies on my firewall. Well, i have to admit i don't really like that because OpenSSL library is huge and thus potentially dangerous code and supplementary protocols like LDAP are sometimes no better, but IPsec unfortunately does not provide application-level control API to fit our needs. I will make separate compile targets so customers who do not need SSL may avoid any consequences ;-) And ssl is supported by many clients and servers out of the box.

As far as i see SSL awareness of most firewalls on the market is limited to handling CONNECT style requests ;-)

So the question is: are there any good practices, whitepapers or just products with ideas to steal related to integrating firewall into PKI? What is the proper way to link certificates to peers in firewall configuration, what should "ideal" product look like? Is using internal LDAP server for certificate storage a good idea? If i am going to store peer certificates on firewall itself how should i manage it to keep things usable? What are other certificate chain related issues to keep in mind?

--
CU in Hell /Arkan#iD
Do i believe in Bible? Hell,man,i've seen one!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards