[130146] in cryptography@c2.net mail archive


More man-in-the-middle'd SSL sessions on the way

daemon@ATHENA.MIT.EDU (Jerrold Leichter)
Fri Aug 8 10:40:04 2008

From: Jerrold Leichter <leichter_jerrold@emc.com>
To: Cryptography <cryptography@metzdowd.com>
Date: Fri, 8 Aug 2008 10:18:17 -0400

From an article about WAN optimization appliances in Computerworld:

	In some markets, such as health and finance, [hiring] a managed
	provider [who will do the encryption "outside" your routers] isn't a
	good option for another reason: Because data is optimized in an
	unencrypted state, privacy and security concerns arise. But vendors
	such as Riverbed, Juniper Networks and Blue Coat Systems can serve as
	a trusted "man in the middle" for optimizing data encrypted with SSL,
	which is commonly used in applications with Web interfaces and other
	Internet traffic. They terminate the encrypted session,
	decrypt, optimize and then re-encrypt and forward the traffic.
	[Gartner's Joe] Skorupa said most vendors are developing this
	useful capability.

It may indeed be a useful capability - but widespread use will destroy  
what little is left of the SSL trust model.

                                                         -- Jerry


---------------------------------------------------------------------
The Cryptography Mailing List