On Mon, 2012-02-13 at 11:03 -0800, David Conrad wrote:
> On Feb 13, 2012, at 10:42 AM, Nico Williams wrote:
> > Not all spy-on-your-employees solutions are bad, thus the fact that
> > alternatives will arise does not necessarily bother me.
> 
> And they aren't all 'spy-on-your-employees'.  For example, companies such as 
> CloudFlare (for whom I work), Incapsula, Torbit, etc., provide various web 
> security and performance-related services by acting as a reverse proxy and 
> scrubbing HTTP/HTTPS connections.  These services tend to be targeted at SMEs 
> who are often less-than-technically-knowledgeable web site operators and those 
> website owners will reject any solution that isn't transparent to their 
> customers. While I can't speak for the others, CloudFlare's service is not in 
> any way a "spy-on-your-employees" solution, rather it is a service in which 
> website owners intentionally insert a MITM that helps them deal with various 
> attacks (DDoS, blog spam, screen scrapers, etc).
> 

Conrad, this seems slightly different than the spy-on-your-employees
case though (close to server rather than client), in that the MITM
web-frontend would just be able to publish the original web site's cert,
or, another cert.  To some degree clients can just consider the MITM
machine to be the actual web server, and the actual web server to be the
web-server backend, right?

All the same the client-facing cert would be the cert observed by the
notaries, for instance.

/M

_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
