Re: Q: Howto - SSL Tunnel for End-to-End encryption

["Chandrashekhar B" <Bchandrashekar () novell com>]

Hi,

Usually this will be the scenario, 
[Web Client] <-> [Web Server (Apache)] / [Application Server
(WebLogic)] <-> [Database Server (Oracle)] in which case Web Server or
Application Servers will become the proxy. 

You can look at SSL Tunneling, here are few links,
http://muffin.doit.org/docs/rfc/tunneling_ssl.html 
http://developer.netscape.com/docs/manuals/proxy/ProxyUnx/SSL-TUNL.HTM


If you are looking at in the application layer, XML Encryption would be
the way to go,
http://xml.coverpages.org/ni2002-12-10-a.html 
http://www.w3.org/Encryption/2001/

Thanks,
Chandru.  



> > > "Ip, Ting Pong" <pong () cs ust hk> 4/27/2003 2:23:33 PM >>>
Hi all,

I am now researching on the implementation of end-to-end encryption for
the
following typical web application architecture.
[Web Client] <-> [Web Server (Apache)] <-> [Application Server
(WebLogic)]
<-> [Database Server (Oracle)]

I would like to make an end-to-end encryption from the web client to
application server so that no intermediate nodes could read the
transmitting
traffic.

However, I found that the Apache SSL-Proxy module would initiate the
SSL
connection from the web server to the Application Server.  Besides, the
SSL
connection from web client will terminate on the web server. 
Therefore, in
either case, the web server can read the transmitting traffic.  I am
thinking that to "rewrite" or "redirect" the web connection from the
web
server to the application server but this would expose the application
server to the public.

Other than implementing the end-to-end encryption on the application
level,
are there any network architecture that can achieve end-to-end
encryption
without bypassing the web server?

Thank you very much.

Pong