On Wed, 25 Feb 2009 10:04:40 -0800 Ray Dillinger <b...@sonic.net> wrote:
> On Wed, 2009-02-25 at 14:53 +0000, John Levine wrote:
>
> > You're right, but it's not obvious to me how a site can tell an evil
> > MITM proxy from a benign shared web cache. The sequence of page
> > accesses would be pretty similar.
>
> There is no such thing as a "benign" web cache for secure pages.
> If you detect something doing caching of secure pages, you need
> to shut them off just as much as you need to shut off any other
> MITM.

It's not caching such pages; it is acting as a TCP relay for the requests, without access to the keys. These are utterly necessary for some firewall architectures, for example, and generally do not represent a security threat beyond traffic analysis.

--Steve Bellovin, http://www.cs.columbia.edu/~smb