Firewall Wizards mailing list archives
Re: Security of HTTPS
From: Ng Pheng Siong <ngps () netmemetic com>
Date: Mon, 29 Nov 2004 01:06:20 +0800
On Sun, Nov 28, 2004 at 10:43:47AM -0600, Frank Knobbe wrote:
> That issue is something I have on my mind ever since Michael Warfield's discussion about this in Focus-IDS. I'd like to remember that issue for comparisons between SSL VPNs with other types of VPNs (IPSec or SSH) as these do not have the same ...uhm... weakness.

I'm assuming the issue you refer to here is the client's generating the premaster secret during SSL handshaking, instead of using some kind of keying material supplied by the server. Is the Michael Warfield discussion entitled "SSL and IPS" and dated about 24 Jun 2004? I just skimmed that one very quickly: it seemed to be talking about an IDS watching traffic over the wire, not a proxy doing MITM actively and generating "pretend" certs on the fly.

> I still think people put too much stock in SSL VPNs.

SSL VPNs give you security without compromising convenience! Woo-hoo! ;-)

-- 
Ng Pheng Siong <ngps () netmemetic com>
http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog
http://www.sqlcrypt.com -+- Database Engine with Transparent AES Encryption