Re: [fw-wiz] Security of HTTPS

From: Shimon Silberschlag (shimons_at_bll.co.il)
Date: 11/28/04

  • Next message: Kevin Sheldrake: "Re: [fw-wiz] Security of HTTPS"
    To: <lordchariot@earthlink.net>, <firewall-wizards@honor.icsalabs.com>
    Date: Sun, 28 Nov 2004 16:08:35 +0200
    
    

    > there are some products
    > out there that intentionally decrypt an SSL connection.

    Erik,

    Can you give a list of those products? I'm only familiar with Finjan's Vital
    security for SSL.

    Shimon Silberschlag

    +972-3-9351572
    +972-50-7207130

    ----- Original Message -----
    From: <lordchariot@earthlink.net>
    To: <firewall-wizards@honor.icsalabs.com>
    Sent: Tuesday, November 23, 2004 18:00
    Subject: RE: [fw-wiz] Security of HTTPS

    >
    > I wouldn't necessarily call it a MITM attack, but there are some products
    > out there that intentionally decrypt an SSL connection. These type of
    > products will take an SSL certificate as presented from the web site, and
    > re-create a new one on-the-fly to present to the client browser. If the
    > product's CA cert is loaded into the client, there aren't any certificate
    > warnings. If not, then most people click through the cert warning anyway
    > because they don't know any better.
    >
    > These products are generally used to perform AV scans or Ad-Popup blocking
    > through an SSL connection. For example, an attachement coming in through
    > an
    > SSL webmail connection that needs to be virus scanned at the gateway.
    >
    > Erik
    >
    >
    >
    > -----Original Message-----
    > From: firewall-wizards-admin@honor.icsalabs.com
    > [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Alex
    > Bihlmaier
    > Sent: Friday, November 19, 2004 6:07 AM
    > To: firewall-wizards@honor.icsalabs.com
    > Subject: [fw-wiz] Security of HTTPS
    >
    > Good Morning.
    >
    >
    >
    > I am curious how strong the security of https can be.
    > Is there some possibility of a MITM attack?
    > Are there any papers out there outlining this aspect of security?
    >
    >
    >
    > //thalunil
    >
    >
    >
    > ----------------------------------------------------------------
    > kallisti.de webmail access - email on the road
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Kevin Sheldrake: "Re: [fw-wiz] Security of HTTPS"