
Re: large campus network ... suggestions



On Sat, 2007-12-15 at 16:23 +0100, Roman Medina-Heigl Hernandez wrote:
> How does Bluecoat deal with the fact that HTTPS connections are secured
> point-to-point? If Bluecoat (or whatever) does some kind of MITM, client
> browser would detect it and HTTPS would be broken. I still don't get the
> point..

What you can do is install a trusted root certificate on the machines
that connect through the proxy and have the proxy generate SSL
certificates on the fly for the given domain. In other words, the proxy
will be a CA issuing certificates for any kind of domain. The proxy will
now need to check the SSL certificate of the external entity (CRL
checking, etc.). The generated certificate can have the exact same content;
the only difference is that it is now signed by the proxy CA.

Martijn Brinkers
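
The mechanism described in the reply above, as an added Go example that is not part of the original post or any vendor's code: a proxy CA re-signs an origin certificate's subject and SANs, and the copy validates only for a client whose root store holds the proxy CA. The host name, both CAs and all certificates are constructed; validity dates are set fresh rather than copied, and revocation checking is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mint issues a certificate for subject and hosts with a fresh key; a nil parent yields a self-signed CA.
func mint(subject pkix.Name, hosts []string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: subject, DNSNames: hosts,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil {
		parent, pk = t, key
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Trusts reports whether leaf validates for host against a root store holding only root.
func Trusts(root, leaf *x509.Certificate, host string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

// Demo: the proxy validates the origin chain (no CRL check here), then re-signs subject and SANs.
func Demo(host string) (issuer string, managed, unmanaged bool) {
	publicCA, pubKey := mint(pkix.Name{CommonName: "Constructed Public CA"}, nil, nil, nil)
	proxyCA, proxyKey := mint(pkix.Name{CommonName: "Constructed Proxy CA"}, nil, nil, nil)
	origin, _ := mint(pkix.Name{CommonName: host}, []string{host}, publicCA, pubKey)
	if !Trusts(publicCA, origin, host) {
		panic("upstream certificate rejected; the proxy must not vouch for it")
	}
	minted, _ := mint(origin.Subject, origin.DNSNames, proxyCA, proxyKey)
	return minted.Issuer.CommonName, Trusts(proxyCA, minted, host), Trusts(publicCA, minted, host)
}

func main() { fmt.Println(Demo("www.example.test")) }
```

The second boolean is what a client without the proxy root sees: the re-signed certificate fails chain validation, which is the browser warning raised in the quoted question.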

