On Wed, 25 Feb 2009 10:04:40 -0800
Ray Dillinger <b...@sonic.net> wrote:

> On Wed, 2009-02-25 at 14:53 +0000, John Levine wrote:
> > You're right, but it's not obvious to me how a site can tell an evil
> > MITM proxy from a benign shared web cache.  The sequence of page
> > accesses would be pretty similar.
> There is no such thing as a "benign" web cache for secure pages.
> If you detect something doing caching of secure pages, you need 
> to shut them off just as much as you need to shut off any other 

It's not caching such pages; it is acting as a TCP relay for the
requests, without access to the keys.  These are utterly necessary for
some firewall architectures, for example, and generally do not represent
a security threat beyond traffic analysis.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to