Hi, You are correct, the author would very much like to see plain text, others may enjoy to read encrypted data, but I grew out of it about the same age that I realised that Beavis and Butthead are not actually the funniest thing ever on TV ( Though I believe to this day that they may be contenders ).
Cheers Simon Clewer [EMAIL PROTECTED] Superquote.com Ltd Tel 07967 651 493. ----- Original Message ----- From: Neff Robert A <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, March 25, 2002 6:46 PM Subject: RE: > I tried short-cutting the initial handshake info from > my initial paragraph. You are, of course, correct > regarding decryption. However, it was my interpretation > that the use of the word snoop, given the original > author's intention, meant seeing clear text data. > To wit: > >To proxy an https the proxy MUST decrypt the message ( or it cannot > >understand the request ), so it MUST be the secure sever for the client ( > or > >it will not have the key to decrypt ) and then the proxy MUST re-encrypt > and > >then become the client for a connection with the remote server. > > > -----Original Message----- > From: Eric Rescorla [mailto:[EMAIL PROTECTED]] > Sent: Monday, March 25, 2002 1:40 PM > To: [EMAIL PROTECTED] > Subject: Re: > > > Neff Robert A <[EMAIL PROTECTED]> writes: > > You cannot snoop a secure https transaction without somehow > > pretending to be the destination host. To do that requires > > the cert, which is public, and private key, which you will > > not have. > Sort of. You can certainly passively snoop an HTTP transaction. > There's no need to pose as the server. Decrypting the traffic > requires, as you say, the private key, but not the certificate. > > -Ekr > > -- > [Eric Rescorla [EMAIL PROTECTED]] > http://www.rtfm.com/ > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ***************************************************************** > DISCLAIMER: The information contained in this e-mail may be confidential > and is intended solely for the use of the named addressee. Access, copying > or re-use of the e-mail or any information contained therein by any other > person is not authorized. If you are not the intended recipient please > notify us immediately by returning the e-mail to the originator. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
