On 11/5/10 4:27 AM, Ben McGinnes wrote: > On 5/11/10 9:39 AM, Ross Walker wrote: >> >> As for the SSL part, you can monitor traffic over it in a couple of >> ways. For internal services being served out you can have the SSL >> connection terminate at the gateway and the gateway establish an >> internal SSL connection to the service. For internal clients >> connecting to external services I have used SSL inspectors, these >> basically initiate an SSL connection to the destination, take the >> certificate, generate a per-destination itself and pass that to the >> client, basically acting as a man in the middle, as long as the >> gateway/inspector is a trusted intermediate CA and the subject is >> preserved then the client doesn't have a problem with it. > > I believe this is one of the methods that was looked at to enable ISPs > to filter/censor/log SSL connections should the government policies > become legislation here. Except for all outbound connections. The > rest of us call it a MitM (when used for outbound or between third > parties, not in your example). So if you really want privacy you need to run another layer of encryption end to end with an uncommon cipher? -- Les Mikesell lesmikesell@xxxxxxxxx _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos