> > You can use SSL over anything.
>
> Not quite, you can use almost anything over SSL rather than reverse.

You got me there.

> > telnet over SSL is called ssh.
>
> No, it is not. SSH is also based on SSL but it is not just telnet over
> SSL. Telnet over SSL is telnet over SSL.

Ok, that simplification was going too far.

> > Sure, some people use this. (Not me, yet) It works like ftp or http -
> > requires to exchange an x.509 certificate and then goes on with an encrypted
> > connection.
>
> And it can be used to encrypt only control stream, or both data and
> control streams.

So connection tracking is out of the question. However, the router could act as a 'man in the middle' ssl proxy, and then it could decrypt ftp-control and track these connections. Is there any software that actually does that to aid netfilter?

> Latest draft about the topic is in:
> http://www.ietf.org/internet-drafts/draft-murray-auth-ftp-ssl-12.txt

So it's still a draft, no wonder I never got to reading that :)

> Regards

Regards,
Maciej
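
The connection-tracking point above, as an added example that is not part of the original message: a small Python model of what an FTP tracking helper must read from the control channel (PORT and 227 lines), and why it has nothing to read once the server accepts AUTH TLS with a 234 reply. The captures and the function name are constructed for illustration; this is not netfilter's code.

```python
import re

# Constructed control-channel captures: (side, bytes) with C=client, S=server.
PLAIN_SESSION = [
    ("C", b"USER demo\r\n"),
    ("S", b"331 Password required\r\n"),
    ("C", b"PASV\r\n"),
    ("S", b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"),
    ("C", b"PORT 198,51,100,7,4,1\r\n"),
    ("S", b"200 PORT command successful\r\n"),
]
TLS_SESSION = [
    ("C", b"AUTH TLS\r\n"),
    ("S", b"234 Proceed with negotiation\r\n"),
    # Placeholder bytes standing in for TLS records; PASV/227 travel inside them.
    ("C", b"\x16\x03\x01\x00\x05hello"),
    ("S", b"\x17\x03\x03\x00\x10" + bytes(range(16))),
]

ADDR = rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PORT_RE = re.compile(rb"^PORT " + ADDR + rb"\r\n$")
PASV_RE = re.compile(rb"^227 [^(]*\(" + ADDR + rb"\)")


def expected_data_endpoints(session):
    """Return (endpoints, blind): the data endpoints a helper could learn, and
    whether the control channel went opaque after an accepted AUTH."""
    endpoints, auth_pending, blind = [], False, False
    for side, line in session:
        if blind:
            continue  # ciphertext from here on: nothing to parse
        if side == "C" and line.upper().startswith(b"AUTH "):
            auth_pending = True
            continue
        if side == "S" and auth_pending:
            blind = line.startswith(b"234")  # 234 = server accepts the TLS upgrade
            auth_pending = False
            continue
        m = (PORT_RE if side == "C" else PASV_RE).match(line)
        if m:
            o = [int(x) for x in m.groups()]
            if all(v <= 255 for v in o):
                # h1,h2,h3,h4,p1,p2 -> address h1.h2.h3.h4, port p1*256+p2
                endpoints.append(("%d.%d.%d.%d" % tuple(o[:4]), o[4] * 256 + o[5]))
    return endpoints, blind
```

With the plain session the helper learns both data endpoints; with the TLS session it learns none, which is why a filter in the path cannot open the related data connection on its own.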