WebApp Sec mailing list archives

Re: key storage


From: George Capehart <gwc () acm org>
Date: Sat, 4 Sep 2004 17:14:54 -0400

On Saturday 04 September 2004 14:57, Frank Knobbe allegedly wrote:
> On Sat, 2004-09-04 at 13:53, Frank Knobbe wrote:
> > Shops with SSL terminating load-balancers (for intrusion detection
> > reasons) already take advantage of that... although they are mostly
> > unaware of that :)
>
> In all fairness I should mention that these shops lose the advantage
> of SSL to the server which allows an intruder to sniff the traffic at
> the server. But at least they don't get the certificate.
>
> Of course the question is, which is more important. Confidentiality
> of the key, or confidentiality of the data you are trying to protect
> :)

If the load balancers and the Web server(s) use IPSec among themselves, 
that would solve the problem, wouldn't it?

BR,

/g
-- 
George W. Capehart

Key fingerprint:  3145 104D 9579 26DA DBC7  CDD0 9AE1 8C9C DD70 34EA

"With sufficient thrust, pigs fly just fine."  -- RFC 1925


