Re: [fw-wiz] Security of HTTPS

From: Ng Pheng Siong
Date: 11/28/04

  • Next message: Frank Knobbe: "Re: [fw-wiz] Security of HTTPS"
    To: Frank Knobbe
    Date: Mon, 29 Nov 2004 01:06:20 +0800

    On Sun, Nov 28, 2004 at 10:43:47AM -0600, Frank Knobbe wrote:
    > That issue is something I have had on my mind ever since Michael Warfield's
    > discussion about this in Focus-IDS. I'd like to remember that issue for
    > comparisons between SSL VPNs and other types of VPNs (IPSec or SSH) as
    > these do not have the same ...uhm... weakness.

    I'm assuming the issue you refer to here is the client's generating the
    premaster secret during SSL handshaking, instead of using some kind of
    keying material supplied by the server.

    Is the Michael Warfield discussion entitled "SSL and IPS" and dated about
    24 Jun 2004? I just skimmed that one very quickly: it seemed to be talking
    about an IDS watching traffic over the wire, not a proxy doing MITM
    actively and generating "pretend" certs on the fly.

    > I still think people put too much stock in SSL VPNs.

    SSL VPNs give you security without compromising convenience! Woo-hoo!


    Ng Pheng Siong -+- M2Crypto, ZServerSSL for Zope, Blog -+- Database Engine with Transparent AES Encryption
    firewall-wizards mailing list
