Firewall Wizards mailing list archives

HTTPS proxy solutions


From: Sigurd Urdahl <sigurdur () linpro no>
Date: 05 Mar 2004 20:20:21 +0100


Hi all,

does anyone know of commercially or freely available HTTPS proxies
that terminate the SSL traffic, and thus allow for content scanning of
the traffic?

I'm aware that such a solution needs to generate certificates that the
clients accept.

What I'm thinking of is a proxy that gathers information about name
resolution done by clients and uses that to generate an SSL certificate
for each connection.

E.g. if the proxy gets a connection from IP a.b.c.d from host w.x.y.z,
and, by some kind of magical glue, it can figure out that host w.x.y.z
recently was given the information that host www.foo.com is at
a.b.c.d, it can also give the client a certificate for www.foo.com.

The connection can then quite easily be scanned and proxied to
www.foo.com.

As long as the issuing CA is trusted by the clients (which should be
quite easy to implement), the proxy should be transparent to the
end-users.

So does anyone know of solutions either technically or functionally
equivalent to this?

Or have I just overlooked something obvious and presented another
fundamentally flawed idea for an HTTPS proxy? (I hope not:-)

kind regards,

-sig

-- 
Sigurd Urdahl                           sigurdur () linpro no
Systemkonsulent og sånt        Systems consultant and such
Linpro A/S                           http://www.linpro.no/
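
The correlation described in the message above (host w.x.y.z was told that www.foo.com is at a.b.c.d, then connects to a.b.c.d), as an added example that is not part of the original post: a lookup table fed from observed DNS answers. The class and method names, the addresses and the TTLs are assumptions made for illustration; the lookup returns no name when the client resolved several hostnames to the same IP, or none at all.

```python
import time
from collections import defaultdict


class ResolutionTracker:
    """Remembers which hostnames each client was told live at which IP."""

    def __init__(self, grace=0.0, clock=time.monotonic):
        self._grace = grace      # extra seconds to tolerate client-side caching
        self._clock = clock      # injectable so the demo is deterministic
        self._seen = defaultdict(dict)  # (client, server) -> {hostname: expiry}

    def record_answer(self, client_ip, hostname, server_ip, ttl):
        """Call for every A record observed in a DNS reply sent to client_ip."""
        name = hostname.rstrip(".").lower()  # DNS names are case-insensitive
        expiry = self._clock() + ttl + self._grace
        self._seen[(client_ip, server_ip)][name] = expiry

    def candidates(self, client_ip, server_ip):
        """Unexpired hostnames this client resolved to server_ip, sorted."""
        key = (client_ip, server_ip)
        now = self._clock()
        live = {n: e for n, e in self._seen.get(key, {}).items() if e > now}
        if live:
            self._seen[key] = live       # drop expired entries
        else:
            self._seen.pop(key, None)
        return sorted(live)

    def hostname_for(self, client_ip, server_ip):
        """Name to put in the certificate, or None if unknown or ambiguous."""
        names = self.candidates(client_ip, server_ip)
        return names[0] if len(names) == 1 else None


if __name__ == "__main__":
    now = [0.0]  # constructed clock and addresses, for illustration only
    tracker = ResolutionTracker(clock=lambda: now[0])
    tracker.record_answer("10.0.0.5", "www.foo.com.", "192.0.2.10", ttl=300)
    print(tracker.hostname_for("10.0.0.5", "192.0.2.10"))  # one candidate
    tracker.record_answer("10.0.0.5", "shop.foo.example", "192.0.2.10", ttl=60)
    print(tracker.hostname_for("10.0.0.5", "192.0.2.10"))  # two names, one IP
    now[0] = 500.0
    print(tracker.hostname_for("10.0.0.5", "192.0.2.10"))  # records expired
```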