Firewall Wizards mailing list archives
Re: Security of HTTPS
From: Ng Pheng Siong <ngps () netmemetic com>
Date: Mon, 29 Nov 2004 00:33:15 +0800
On Sun, Nov 28, 2004 at 03:38:09PM -0000, Kevin Sheldrake wrote:
> I expect others do too, to enable content filtering at an organisational
> boundary, re-encrypting with their own certificate upon success. If their
> own certificate has been signed by a trusted party (CA) then the user will
> be practically unaware of the decryption.

Nit: Not "re-encrypting with their own certificate". More properly, proxy the HTTPS traffic, where the in-house part is between the browser and the proxy.

The proxy generates a certificate for the real server dynamically, signs it with the in-house CA, and presents this certificate to the client as the server's certificate.

If the in-house CA certificate has been signed by a trusted CA then the browser will accept this proxy certificate as the server's certificate.

Be prepared to buy hardware SSL accelerators for the proxy.

Cheers.

--
Ng Pheng Siong <ngps () netmemetic com>

http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog
http://www.sqlcrypt.com -+- Database Engine with Transparent AES Encryption