[144302] in cryptography@c2.net mail archive


Re: Security through kittens, was Solving password problems

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Wed Feb 25 14:41:21 2009

Date: Wed, 25 Feb 2009 13:41:04 -0500
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Ray Dillinger <bear@sonic.net>
Cc: John Levine <johnl@iecc.com>, cryptography@metzdowd.com,
 vwelch@illinois.edu
In-Reply-To: <1235585080.28343.4.camel@localhost>

On Wed, 25 Feb 2009 10:04:40 -0800
Ray Dillinger <bear@sonic.net> wrote:

> On Wed, 2009-02-25 at 14:53 +0000, John Levine wrote:
> 
> > You're right, but it's not obvious to me how a site can tell an evil
> > MITM proxy from a benign shared web cache.  The sequence of page
> > accesses would be pretty similar.
> 
> There is no such thing as a "benign" web cache for secure pages.
> If you detect something doing caching of secure pages, you need 
> to shut them off just as much as you need to shut off any other 
> MITM.

It's not caching such pages; it is acting as a TCP relay for the
requests, without access to the keys.  These are utterly necessary for
some firewall architectures, for example, and generally do not represent
a security threat beyond traffic analysis.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
