Firewall Wizards mailing list archives
Re: Firewall best practices
From: ArkanoiD <ark () eltex net>
Date: Wed, 28 Apr 2010 20:56:15 +0400
Surely the whole thing is about *policies*, not 'devices'.

Yes, we have known since the very beginning that PKI on the internets is just a cardhouse. But we have yet to see a root CA commit business suicide in such an unusual way (and it is surely suicide, as detection is easy and the chances of doing that unnoticed are pretty low).

The problem is, it doesn't necessarily need to be a root CA. Just any entity with a properly signed certificate with CA basic constraints set.

On Tue, Apr 27, 2010 at 11:12:40AM -0500, Fetch, Brandon wrote:
> Too late: http://files.cloudprivacy.net/ssl-mitm.pdf
>
> And these devices are already in deployment... now, imagine one of these with a wildcard certificate running at a coffee house, or at the aggregation point within a provider's CO POP...