re SSL would prevent it, Re: Internet security flaw exposes private data

[Dave Farber <dave () farber net>]

Begin forwarded message:

> From: Christian Huitema <huitema () microsoft com>
> Date: January 17, 2010 3:20:02 PM EST
> To: "dave () farber net" <dave () farber net>, ip <ip () v2 listbox com>
> Subject: RE: SSL would prevent it, Re: [IP] Internet security flaw  
> exposes private data

> > With at least one authenticated end-point (the end-point server, as  
> > usual), SSL would NOT allow a AT&T caching server > that sits in- 
> > between to have had a "correct" SSL session between the wrong two  
> > end-points. See A. Menezes et al.,
> > /Handook of Applied Cryptography/, CRC Press, New York, 1997.
>
> Well, maybe. There are some proxies that actually decrypt SSL. They  
> are mostly sold to enterprises and the military now. The argument is  
> that security conscious organizations want to really control the  
> traffic. They treat an encrypted flow to the outside as a hole. The  
> proxy work by installing a trusted certificate authority on the  
> client computer, and then making up certificates on the fly while  
> relaying the SSL connections.
>
> I am not aware that ISP are deploying any such proxies. But there  
> are commercial effort to push them to do so, ostensibly for  
> controlling encrypted transmission of music files or other protected  
> content.
>
> -- Christian Huitema



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com