IDS mailing list archives

Re: SSL and IPS (was RE: ssh and ids)

From: "Michael H. Warfield" <mhw () wittsend com>
Date: Wed, 30 Jun 2004 18:08:12 -0400

On Wed, Jun 30, 2004 at 01:39:38PM -0700, Peter_Schawacker () NAI com wrote:

Rob,

I think we've taken this topic as far as we can on this list.  There is
no question that the technology works -- we've had it in beta in real
world networks. The most important question is, "How will the market
value this technology?"  Only real-world implementations and time will
tell.  Let's just let the market decide the value of IPS decryption,
shall we?


        I love to keep things like this on lists like this.  In public.
I don't mind a little egg on my face when I'm proven wrong, that's
how I learn and I don't learn unless someone corrects me.  So let's
go for it.  This should be easy for you.

        The files are ready.

        You can let me know what the URL was that was requested.  You
can readily extract the server name from the cert.  The rest will
come from the decrypted session.

        Pull the files from here...

        Server's private key:
                https://www.wittsend.com/ssl-challenge/server.key.bin

                (There is no password on the key)

        Server's certificate:
                https://www.wittsend.com/ssl-challenge/server.crt.bin

        Dump of the session (tcpdump):
                https://www.wittsend.com/ssl-challenge/cl.tcpdump.bin

        I made them all .bin to avoid any Mime nonsense.

        You now have everything you claim to need.  Send me back the
URL and the html text of the page.  I want to see this.  I'll be
truely impressed if you can do what you claim to do.

Thanks, Mike (ISS), Marty (Sourcefire) and Jason (Sourcefire) for your
questions and comments.  Let's have this chat again six months from now.
;-)

Over and out.

Peter Schawacker, CISSP
Technical Evangelist
McAfee
Office 760 200 4258
Mobile 760 880 4258
ps () nai com


        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw () WittsEnd com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

Attachment: _bin
Description:

Current thread:

RE: SSL and IPS (was RE: ssh and ids) Rob Shein (Jun 30)
- Re: SSL and IPS (was RE: ssh and ids) Michael H. Warfield (Jun 30)
  - RE: SSL and IPS (was RE: ssh and ids) Rob Shein (Jun 30)
- <Possible follow-ups>
- RE: SSL and IPS (was RE: ssh and ids) Peter_Schawacker (Jul 01)
  - Re: SSL and IPS (was RE: ssh and ids) Michael H. Warfield (Jul 01)
    - Re: SSL and IPS (was RE: ssh and ids) Wouter Clarie (Jul 04)
    - Re: SSL and IPS (was RE: ssh and ids) Michael H. Warfield (Jul 04)
  - Re: SSL and IPS (was RE: ssh and ids) Michael H. Warfield (Jul 01)
- RE: SSL and IPS (was RE: ssh and ids) Peter_Schawacker (Jul 04)