[EMAIL PROTECTED] wrote:
> From a description of the Imperva "SecureSphere" technology. Imperva makes
> firewalls that can "look inside" SSL sessions:
>
> SSL Security that Maintains Non-Repudiation
>
> SecureSphere can inspect the contents of both HTTP and HTTPS
> (SSL) traffic. SecureSphere delivers higher HTTPS performance
> than competing reverse proxy point solutions because
> SecureSphere decrypts SSL encrypted traffic but does not
> terminate it. Therefore SecureSphere simply passes the encrypted
> packets unchanged to the application or database server. This
> eliminates the overhead of re-packaging (i.e. changing) the
> communications, re-negotiating a new SSL connection to the
> server, and re-encrypting the information. Moreover, it
> maintains the non-repudiation of transactions since the
> encrypted communication is between client and application with
> no proxy acting as middleman.

Firstly, even if you believe that _any_ crypto provides non-repudiation (see http://www.apache-ssl.org/tech-legal.pdf for a paper I co-authored on this and other stuff - executive summary: I don't believe it), you can't "maintain" the non-repudiation of SSL because it doesn't provide non-repudiation.

Secondly, obviously, you can only decrypt SSL if you have the private key, so presumably this is referring only to incoming SSL connections.

Cheers,

Ben.
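
Added example, not part of the original message: a simplified Python model of the non-repudiation point above. SSL protects records with MAC keys that both endpoints derive from the shared master secret, so a record that verifies cannot be attributed to one endpoint. The key derivation is a stand-in for the real key-block PRF, encryption is omitted, and all function names and payloads are constructed for illustration.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 output size


def derive_mac_keys(master_secret, client_random, server_random):
    """Stand-in for the SSL key-block derivation (assumption: not the real PRF).
    Each endpoint runs this on the same inputs, so each ends up with BOTH keys."""
    seed = client_random + server_random
    client_mac = hmac.new(master_secret, b"client write MAC" + seed, hashlib.sha256).digest()
    server_mac = hmac.new(master_secret, b"server write MAC" + seed, hashlib.sha256).digest()
    return client_mac, server_mac


def _tag(mac_key, seq, payload):
    header = seq.to_bytes(8, "big") + len(payload).to_bytes(2, "big")
    return hmac.new(mac_key, header + payload, hashlib.sha256).digest()


def protect_record(mac_key, seq, payload):
    """Append a MAC over sequence number, length and payload (encryption omitted)."""
    return payload + _tag(mac_key, seq, payload)


def verify_record(mac_key, seq, record):
    payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    return hmac.compare_digest(tag, _tag(mac_key, seq, payload))


def demo():
    master, c_rand, s_rand = os.urandom(48), os.urandom(32), os.urandom(32)
    client_view = derive_mac_keys(master, c_rand, s_rand)  # computed by the client
    server_view = derive_mac_keys(master, c_rand, s_rand)  # computed by the server
    sent = protect_record(client_view[0], 0, b"order 1 widget")  # constructed payload
    # Built by the server with the client-write MAC key; the client never sent it.
    never_sent = protect_record(server_view[0], 0, b"order 9999 widgets")
    flipped = sent[:-1] + bytes([sent[-1] ^ 1])
    return {
        "sent_verifies": verify_record(server_view[0], 0, sent),
        "never_sent_verifies": verify_record(client_view[0], 0, never_sent),
        "tampered_verifies": verify_record(server_view[0], 0, flipped),
    }


if __name__ == "__main__":
    print(demo())
```

Both the record the client sent and the one it never sent verify under the same key, so a verified transcript shows only that someone holding the session keys produced it, which includes the server and any device that recovered the master secret.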
