[fw-wiz] HTTPS, proxies, and remote developers.
From: Devdas Bhagat (devdas_at_dvb.homelinux.org)
To: Firewall-Wizards <firstname.lastname@example.org> Date: Sat, 14 Jun 2003 01:31:03 +0530
I recently setup a mailserver for a software development company. The
server has a web interface through usermin for password changing and
handling GPG keys, running on a high port.
This company has software developers located at their client locations,
in different countries.
The clients have proxies that block access to https, nor will they
permit ssh/VPNs from their network to the development company by the
The company has asked about the option of moving this to HTTP, but I have
advised against it (given that GPG keys *may* be exposed on the
Internet). If the company insists, I will move them to HTTP, with a
written warning of the risk they are accepting.
I do not like the idea of unencrypted communication flowing over the
Internet for sensitive information. The company IT manager agrees with
me. The remote client does not like the idea.
What would be the easiest way to handle this situation? How would you
resolve a policy issue if one of your clients requires that you use
unencrypted traffic outbound from their network into yours.
(Their need to know for traffic on their network against your need for
firewall-wizards mailing list