On Wed, 25 Feb 2009 10:04:40 -0800
Ray Dillinger <b...@sonic.net> wrote:
> On Wed, 2009-02-25 at 14:53 +0000, John Levine wrote:
>
> > You're right, but it's not obvious to me how a site can tell an evil
> > MITM proxy from a benign shared web cache. The sequence of page
> > accesses would be pretty similar.
>
> There is no such thing as a "benign" web cache for secure pages.
> If you detect something doing caching of secure pages, you need
> to shut them off just as much as you need to shut off any other
> MITM.
It's not caching such pages; it is acting as a TCP relay for the
requests, without access to the keys. These are utterly necessary for
some firewall architectures, for example, and generally do not represent
a security threat beyond traffic analysis.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
