WebApp Sec mailing list archives

Re: Security tool for monitoring HTTPS traffic?


From: Imre Kertesz <ikertesz () fastq com>
Date: Thu, 26 Feb 2004 14:32:59 -0700

This kind of defeats the purpose of SSL, doesn't it? It's like UPS opening up boxes at the transfer station to check out what's inside and repackaging. Interrupting SSL for any reason increases the risk of data compromise significantly, not to mention the privacy issues. For this to happen legally, the organization using this mechanism has got to have a very clearly worded policy about intent.

-I

John Floyd wrote:

There are Application Layer firewalls which can inspect HTTPS traffic to
assure that the communications coming in are not malicious attacks via
the web browser.  These types of solutions will decrypt the traffic,
inspect it, and then either re-encrypt or not, and send back to your web
server. http://www.infoworld.com/article/04/02/06/06FEsecureapp_1.html
Cheers

John

-· · ···- · ·-· ·--· · - ·- -··· ··- ·-· -· ·· -· --· -·· --- --·
"If you sit quietly at the edge of a river, eventually
you will see the bodies of your enemies float by" -A maxim of patience, author unknown

Imre Kertesz
PGP ID: 0xA5DD6F44


