Pantek Library

Re: large campus network ... suggestions

From: Martijn Brinkers <martijn.list(at)gmail.com>
Date: Sat Dec 15 2007 - 10:35:42 EST

On Sat, 2007-12-15 at 16:23 +0100, Roman Medina-Heigl Hernandez wrote:
> How does Bluecoat deal with the fact that HTTPS connections are secured
> point-to-point? If Bluecoat (or whatever) does some kind of MITM, client
> browser would detect it and HTTPS would be broken. I still don't get the
> point..

What you can do is install a trusted root certificate on the machines that connect through the proxy and have the proxy generate SSL certificates on the fly for the given domain. In other words, the proxy will be a CA issuing certificates for any kind of domain. The proxy will now need to check the SSL certificate of the external entity (CRL checking, etc.). The generated certificate can have the exact same content; the only difference is that it is now signed by the proxy CA.

Martijn Brinkers

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Received on Sat Dec 15 13:34:10 2007
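
Added example, not part of the original message and not any vendor's code: a simplified model of the trust shift described above, in which the browser only ever sees the proxy-issued certificate, so the proxy's own check of the origin certificate (issuer, CRL, expiry, hostname) is the only one that happens. The `Cert` class, CA names, serial numbers and CRL are constructed stand-ins for real X.509 handling, and hostname matching is exact (no wildcards).

```python
from dataclasses import dataclass, replace
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:                      # simplified stand-in for an X.509 certificate
    subject: str
    sans: tuple
    not_after: datetime
    serial: int
    issuer: str

PROXY_CA = "Example Proxy CA"            # constructed name of the proxy's CA
PUBLIC_ROOTS = {"Example Public CA"}     # constructed trust store used by the proxy
REVOKED = {("Example Public CA", 666)}   # constructed CRL entries: (issuer, serial)

def upstream_problem(cert, host, now):
    """Return why the origin certificate must be refused, or None if acceptable."""
    if cert.issuer not in PUBLIC_ROOTS:
        return "untrusted issuer"
    if (cert.issuer, cert.serial) in REVOKED:
        return "revoked"
    if now > cert.not_after:
        return "expired"
    if host not in cert.sans:
        return "hostname mismatch"
    return None

def proxy_mint(cert, host, now):
    """Fail closed: re-sign only an origin certificate that passed every check."""
    problem = upstream_problem(cert, host, now)
    if problem:
        raise ValueError(f"refusing to re-sign {host}: {problem}")
    return replace(cert, issuer=PROXY_CA)   # same content, different signer

def client_accepts(cert, host, roots):
    """The browser's view: it validates the proxy-issued certificate only."""
    return cert.issuer in roots and host in cert.sans

# Constructed sample certificates for the demonstration.
NOW = datetime(2007, 12, 15, tzinfo=timezone.utc)
GOOD = Cert("www.example.org", ("www.example.org",),
            datetime(2008, 12, 15, tzinfo=timezone.utc), 1001, "Example Public CA")
BAD = replace(GOOD, serial=666)             # same site, but revoked by its CA

if __name__ == "__main__":
    minted = proxy_mint(GOOD, "www.example.org", NOW)
    print(client_accepts(minted, "www.example.org", {PROXY_CA}))       # managed machine
    print(client_accepts(minted, "www.example.org", PUBLIC_ROOTS))     # root not installed
    print(upstream_problem(BAD, "www.example.org", NOW))
```

If `proxy_mint` skipped `upstream_problem`, the revoked certificate would reach the browser re-signed and indistinguishable from a good one.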

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:54:34 EDT

