Isn't this an interference in an encrypted communication, penalized by the
law? And ... as a user, how can you trust the confidentiality this
communication when you found out about?
marian
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Ravi Chunduru
Sent: 08 December 2007 18:33
To: focus-ids@securityfocus.com
Subject: SSL - Man-in-the-Middle filtering
it seems that some network IPS devices and application firewalls are
not only providing SSL based HTTP inspection on server side, but also
on client side (i know of one IPS device which is in beta testing).
i understand that it is required as attacks can be sent in SSL to
avoid blocking.
when deployed on client side, these devices resign certificates (of
public servers) with local CA certificate. i see two aspects to it -
users need to trust local authority (enterprise administrators) and
second is users will have false sense of security (that is users are
no longer see the actual CA of server certificate).
any comments on acceptance of this functionality in enterprise deployments?
is there any standard mechanism (in SSL standard or in HTTP standard)
to send actual CA certificate to the browser by forward proxies?
thanks
Ravi
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=in
tro_sfw
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
