Re: [fw-wiz] Security of HTTPS

• Previous message: Ng Pheng Siong: "Re: [fw-wiz] Security of HTTPS"
• In reply to: Ng Pheng Siong: "Re: [fw-wiz] Security of HTTPS"
• Next in thread: Shimon Silberschlag: "Re: [fw-wiz] Security of HTTPS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Ng Pheng Siong <ngps@netmemetic.com>
Date: Sun, 28 Nov 2004 11:17:47 -0600

On Sun, 2004-11-28 at 11:06, Ng Pheng Siong wrote:
> Is the Michael Warfields discussion entitled "SSL and IPS" and dated about
> 24 Jun 2004? I just skimmed that one very quickly: it seemed to be talking
> about an IDS watching traffic over the wire, not a proxy doing MITM
> actively and generating "pretend" certs on the fly.

That's the one. And it came to mind when Erik said "I wouldn't
necessarily call it a MITM attack, but there are some products
out there that intentionally decrypt an SSL connection.", but then went
on to describe a MITM attack. My comment was that there are products
that don't present their own certificate (as in MITM), but instead
decrypt the SSL session on the fly (which of course requires the keys of
the server). The clients keys don't matter as the public key is
exchanged and the private key is not required.

> > I still think people put too much stock in SSL VPNs.
> SSL VPNs give you security without compromising convenience! Woo-hoo!

Heh... SSH VPNs give you convenience without compromising security! ;)

Cheers,
Frank

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• application/pgp-signature attachment: This is a digitally signed message part

• Previous message: Ng Pheng Siong: "Re: [fw-wiz] Security of HTTPS"
• In reply to: Ng Pheng Siong: "Re: [fw-wiz] Security of HTTPS"
• Next in thread: Shimon Silberschlag: "Re: [fw-wiz] Security of HTTPS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: [Full-Disclosure] SSL Filtering ... The one method I'm familiar with for how to accomplish this with SSL ... SSL MITM box resigns the keys, and as long as the key is trusted by the ... (Full-Disclosure) Re: ssh security ... Of course exists the man-in-the middle by suplanting primarily keys, ... But if anyone is trying to MITM you, client alerts you that keys don't ... match to primarily ssh handshaking keys and possibly someone is MITM you. ... (freebsd-questions) MITM on 3TDES and why is the effective key lenght 112 bits ... Can anyone explain how the MITM works on 3TDES (three distinct keys)? ... key-length of 112-bit ... Saqib Ali ... (sci.crypt) RE: Session Hijacking ... > site C using SSL if site C supports SSL and user B ... > SSL server of site C -- in this case the MITM attack ... The MITM is still ITM by virtue of the DNS hijacking. ... Attacker A is able ... (Security-Basics) Re: Bank security question (newbie question) ... it is a des challenge/response authentication mechanism. ... countermeasure for MITM. ... http://www.garlic.com/~lynn/2003.html#52 SSL & Man In the Middle Attack ... (sci.crypt)