Firewall Wizards mailing list archives
Re: Security of HTTPS
From: Frank Knobbe <frank () knobbe us>
Date: Sun, 28 Nov 2004 11:17:47 -0600
On Sun, 2004-11-28 at 11:06, Ng Pheng Siong wrote:
Is the Michael Warfield's discussion entitled "SSL and IPS" and dated about 24 Jun 2004? I just skimmed that one very quickly: it seemed to be talking about an IDS watching traffic over the wire, not a proxy doing MITM actively and generating "pretend" certs on the fly.
That's the one. And it came to mind when Erik said "I wouldn't necessarily call it a MITM attack, but there are some products out there that intentionally decrypt an SSL connection.", but then went on to describe a MITM attack. My comment was that there are products that don't present their own certificate (as in MITM), but instead decrypt the SSL session on the fly (which of course requires the keys of the server). The client's keys don't matter as the public key is exchanged and the private key is not required.
I still think people put too much stock in SSL VPNs.
SSL VPNs give you security without compromising convenience! Woo-hoo!
Heh... SSH VPNs give you convenience without compromising security! ;)
Cheers,
Frank
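Added example, not part of the original message or of any product mentioned in the thread: a toy model of RSA key transport showing why a passive tap holding the server's private key can read a captured session while no client key is involved. The key size, the simplified key derivation, the XOR record cipher and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA server key from two Mersenne primes; far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # server private exponent
N_BYTES = (N.bit_length() + 7) // 8


def session_key(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Simplified stand-in for the TLS PRF; both randoms cross the wire in the clear."""
    return hmac.new(premaster, client_random + server_random, hashlib.sha256).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy record cipher: XOR with a SHA-256 counter keystream (encrypts and decrypts)."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))


def client_handshake(plaintext: bytes) -> dict:
    """Simulate one session and return only what a wire tap would capture.
    The client uses no key pair of its own, only the server's public key."""
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    premaster = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(premaster, "big"), E, N)  # server *public* key
    key = session_key(premaster, client_random, server_random)
    return {"client_random": client_random, "server_random": server_random,
            "encrypted_premaster": wrapped, "record": xor_stream(key, plaintext)}


def passive_decrypt(capture: dict, private_exponent: int) -> bytes:
    """Recover the record from a capture, given a candidate server private exponent."""
    value = pow(capture["encrypted_premaster"], private_exponent, N)
    premaster = value.to_bytes(N_BYTES, "big")[-16:]
    key = session_key(premaster, capture["client_random"], capture["server_random"])
    return xor_stream(key, capture["record"])


if __name__ == "__main__":
    capture = client_handshake(b"GET /account HTTP/1.1")  # constructed sample request
    print(passive_decrypt(capture, D))      # plaintext recovered with the server key
    print(passive_decrypt(capture, D + 2))  # garbage without it
```

This models RSA key transport only; with an ephemeral Diffie-Hellman key exchange the server's long-term private key does not recover the session key from a capture.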