Hello *,
has anyone seen a SSL/TLS proxy yet?
I am thinking about a proxy that checks the certificates of the server
(and maybe the client in the TLS case) before allowing communication to
continue.
While it seems impossible to me to check this kind of HTTPS traffic for
malicious code etc. on the firewall (CVP) because of the
(end-to-end-)encryption, it would at least give some assurance that only
approved issuers/certificates would be allowed through.
Otherwise I suppose users just click OK, OK, OK, ... to accept ANY
certificate they see when prompted by the web browser.
What do you think?
Regards,
Matthias
--
Matthias G�rtner Phone: +49-40-51441-286
Gauss Interprise AG Fax: +49-40-51441-599
Spohrstra�e 6
D-22083 Hamburg E-Mail:
[EMAIL PROTECTED]
Germany Web: http://www.gauss-interprise.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
