Re: [fw-wiz] HTTPS, proxies, and remote developers.

• Previous message: Barney Wolff: "Re: [fw-wiz] HTTPS, proxies, and remote developers."
• Maybe in reply to: Devdas Bhagat: "[fw-wiz] HTTPS, proxies, and remote developers."
• Next in thread: Paul Robertson: "Re: [fw-wiz] HTTPS, proxies, and remote developers."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Firewall-Wizards <firewall-wizards@honor.icsalabs.com>
Date: Sun, 15 Jun 2003 17:44:57 +0000

>
> What would be the easiest way to handle this situation? How would you
> resolve a policy issue if one of your clients requires that you use
> unencrypted traffic outbound from their network into yours.
> (Their need to know for traffic on their network against your need for
> security).
>

It seems to be that the client has an irrational desire. Why would
anyone disagree with having a VPN between two networks whose
interconnection crosses a public network? There are many ways they
could maintain visibility on their network while still allowing
encryption. For example, using a point to point VPN with a preshared
secret. TCPDump can, with knowlege of the preshared key, decrypt
that traffic for monitoring. There are numerous other, more complex,
means for decrypting/inspecting/encrypting VPN traffic, if the need
really exists, and I would use this angle to herd this customer into
the proper corral.

-Ds
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Barney Wolff: "Re: [fw-wiz] HTTPS, proxies, and remote developers."
• Maybe in reply to: Devdas Bhagat: "[fw-wiz] HTTPS, proxies, and remote developers."
• Next in thread: Paul Robertson: "Re: [fw-wiz] HTTPS, proxies, and remote developers."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]