Re: HTTPS, proxies, and remote developers.

[Barney Wolff <barney () databus com>]

On Sat, Jun 14, 2003 at 01:31:03AM +0530, Devdas Bhagat wrote:
> I recently setup a mailserver for a software development company. The
> server has a web interface through usermin for password changing and
> handling GPG keys, running on a high port.
> This company has software developers located at their client locations,
> in different countries.
> The clients have proxies that block access to https, nor will they
> permit ssh/VPNs from their network to the development company by the
> offsite employees.
> The company has asked about the option of moving this to HTTP, but I have
> advised against it (given that GPG keys *may* be exposed on the
> Internet). If the company insists, I will move them to HTTP, with a
> written warning of the risk they are accepting.

Given the known and limited specific things that the web interface would
be providing, can't you get the same functions by having the clients
send PGP encrypted email to an address that's aliased to a script?

If the client co won't allow outbound encrypted email, then just have
the developers access the web interface from home.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards