Re: [Pound Mailing List] Re: Pound as HTTPS / HTTPS proxy

Mon, 20 Jul 2009 02:16:04 -0700 

Not quite. All auditors I've encountered have refused to accept it
without strong compensating controls.

Plus, other requirements from Visa (non-PCI) require encryption even
locally.

/Eirik


Sent from my iPhone

On 20. juli 2009, at 10.24, Mattias Berge <[email protected]>
wrote:


As I understand it, that's only a requirement when sending the data
over
open networks.
See Requirement 4.1

2009/7/11 Eirik Øverby <[email protected]>


This functionality is required for PCI-DSS compliance in any
scenario where
pound and the backend do NOT reside on the same server (i.e. the
traffic is
not allowed to hit the wire unencrypted).

/Eirik

Sent from my iPhone


On 10. juli 2009, at 23.32, Heiko Schlittermann <[email protected]>
wrote:

Hello,


now I'm answering myself.

Heiko Schlittermann <[email protected]> (Do 09 Jul 2009 22:00:19
CEST):


Hello,

here is the conversation with Robert I had so far about using
pound as an HTTPS / HTTPS proxy. He asked me for the reason(s)
wanting
this MITM approach.



...


and probably Apaches mod_proxy could be used. Both solutions are
not
checked yet, since I like the lean approach of Pound, compared with
these two "fat" applications.

(The current setup we're testing uses an stunnel connection to the
backend...)



Just for the records:

 client -- { internet } --- [ pound | stunnel ] ------- [ backend ]
       https://<domain>/path                    https://<domain>/
path


works for me. But I'd like to see the stunnel integrated in pound
(for
admin purposes).

 Heiko
--
SCHLITTERMANN.de ---------------------------- internet & unix
support -
Heiko Schlittermann HS12-RIPE
-----------------------------------------
gnupg encrypted messages are welcome - key ID: 48D0359B
---------------
gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0
359B -


--
To unsubscribe send an email with subject unsubscribe to [email protected]
.
Please contact [email protected] for questions.



--
To unsubscribe send an email with subject unsubscribe to [email protected]
.
Please contact [email protected] for questions.





--
Mattias Berge
Direct +46 (0)40-690 3825


--
To unsubscribe send an email with subject unsubscribe to [email protected]
.
Please contact [email protected] for questions.


--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.

Reply via email to