Re: [fw-wiz] Security of HTTPS
From: Ng Pheng Siong (ngps_at_netmemetic.com)
To: Frank Knobbe <firstname.lastname@example.org>
Date: Mon, 29 Nov 2004 01:06:20 +0800

On Sun, Nov 28, 2004 at 10:43:47AM -0600, Frank Knobbe wrote:
> That issue is something I have on my mind ever since Michael Warfield's
> discussion about this in Focus-IDS. I'd like to remember that issue for
> comparisons between SSL VPNs with other types of VPNs (IPSec or SSH) as
> these do not have the same ...uhm... weakness.
I'm assuming the issue you refer to here is the client's generating the
premaster secret during SSL handshaking, instead of using some kind of
keying material supplied by the server.
Is the Michael Warfield discussion entitled "SSL and IPS" and dated about
24 Jun 2004? I just skimmed that one very quickly: it seemed to be talking
about an IDS watching traffic over the wire, not a proxy doing MITM
actively and generating "pretend" certs on the fly.
> I still think people put too much stock in SSL VPNs.
SSL VPNs give you security without compromising convenience! Woo-hoo!
--
Ng Pheng Siong <email@example.com>
http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog
http://www.sqlcrypt.com -+- Database Engine with Transparent AES Encryption
_______________________________________________
firewall-wizards mailing list
firstname.lastname@example.org
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards