tor 2006-04-13 klockan 12:09 +0200 skrev Mark Elsen: > - Inspecting HTTPS is an ever increasing issue, in today's internet, because > viruses e.d. can't be seen in encrypted streams. > Bluecoat proxies offer this possibility too, as a man-in-the-middle decrypter > and encrypter. > > My bank , however, provides me with a ssl based key, with strong > encryption, for accessing it's web-banking application. Such applications obviously won't work via decrypting https proxies and must be excluded once approved for unfiltered use.. The use of client certificates requires end-to-end SSL even if the client trusts the man-in-the-middle. Or at lest I think this is the case even if I haven't really verified this cryptographically, but if it wasn't then SSL client certificate identification would be seriously flawed.. > Even without, I'd be wary, see-ing Hendrik with pina-colada in the > Bahama's on what was eventually, my now, empty bank account ... :-) :-) That's an interesting idea :-) And is why you shouldn't accept a untrusted certificate for a trusted site.. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
