Re: [fw-wiz] Security of HTTPS
From: David Lang (david.lang_at_digitalinsight.com)
Date: 12/25/04
- Previous message: Barney Wolff: "Re: [fw-wiz] How to Secure Windows? was How to Save the World"
- In reply to: Kevin: "Re: [fw-wiz] Security of HTTPS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Kevin <kkadow@gmail.com>
Date: Sat, 25 Dec 2004 00:10:16 -0800 (PST)
sorry for the late reply, catching up on my mail
On Wed, 1 Dec 2004, Kevin wrote:
> Getting back on the topic of firewalls, I wonder if it would be
> possible for a firewall not doing MITM for SSL to validate the
> certificate presented by the remote server, and terminate the
> attempted SSL session if the certificate does not match the remote
> host, is not signed by an acceptable CA or has been revoked?
the problem is that the firewall doesn't know what the client is expecting
to see in the cert. it could check to see if the cert was signed by a
known organization, but not if the identity of the host matches the
identity stipulated in the cert.
David Lang
--
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
 -- C.A.R. Hoare
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
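The distinction drawn in the reply above, as an added Python illustration that is not part of the original message: the issuer check needs only the certificate, while the name check needs the host the client meant to reach. Issuer trust is reduced to a name lookup as a stand-in for real chain verification; the certificate data, TRUSTED_ISSUERS and all function names are constructed for this example.

```python
# Added example: constructed data and hypothetical helper names.
TRUSTED_ISSUERS = {"Example Trust CA"}  # assumption: stand-in for chain verification

# Constructed certificate, in the dict shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Example Trust CA"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.shop.example.com")),
}

def issuer_is_trusted(cert):
    """The check a firewall can make alone: is the issuer acceptable?"""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName" and value in TRUSTED_ISSUERS:
                return True
    return False

def _dns_match(pattern, host):
    """Match one DNS name; '*' is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def name_matches(cert, expected_host):
    """The check that needs the client's intent: does the cert name the host?"""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(_dns_match(n, expected_host) for n in names)

def evaluate(cert, expected_host=None):
    """Return 'reject', 'accept', or 'undetermined' (no expected host known)."""
    if not issuer_is_trusted(cert):
        return "reject"
    if expected_host is None:
        return "undetermined"  # the firewall's position described in the reply
    return "accept" if name_matches(cert, expected_host) else "reject"

if __name__ == "__main__":
    print("firewall view:", evaluate(SAMPLE_CERT))
    print("client view  :", evaluate(SAMPLE_CERT, "www.example.net"))
```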