Firewall Wizards: Re: Security of HTTPS

Re: Security of HTTPS

From: David Lang <david.lang_at_digitalinsight.com>
Date: Sat, 25 Dec 2004 00:10:16 -0800 (PST)

Sorry for the late reply, catching up on my mail.

On Wed, 1 Dec 2004, Kevin wrote:

> Getting back on the topic of firewalls, I wonder if it would be
> possible for a firewall not doing MITM for SSL to validate the
> certificate presented by the remote server, and terminate the
> attempted SSL session if the certificate does not match the remote
> host, is not signed by an acceptable CA or has been revoked?

The problem is that the firewall doesn't know what the client is expecting
to see in the cert. It could check to see if the cert was signed by a
known organization, but not if the identity of the host matches the
identity stipulated in the cert.

David Lang

-- 
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
  -- C.A.R. Hoare
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Dec 27 2004
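The distinction David draws, as an added illustration that is not part of the original message: a device in the path can check the issuer of a server certificate against a trusted CA set, but the RFC 6125-style hostname match needs the name the client intended to reach, which an inline firewall in this pre-SNI scenario does not have. The `Cert` structure and CA names below are constructed stand-ins, not parsed from a real certificate.

```python
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Cert:
    # Constructed model of the fields relevant to the two checks (not real DER parsing)
    issuer: str
    subject_cn: str
    san_dns: List[str] = field(default_factory=list)

TRUSTED_ISSUERS = {"Example Root CA"}  # constructed stand-in for a CA trust store

def issuer_trusted(cert: Cert, trusted=TRUSTED_ISSUERS) -> bool:
    """The check an inline firewall CAN make: was the cert issued by a known CA?"""
    return cert.issuer in trusted

def _id_match(pattern: str, name: str) -> bool:
    """Match one dNSName identifier; a wildcard is allowed only as the whole
    leftmost label and never spans a dot (RFC 6125 section 6.4.3 rules)."""
    p, n = pattern.lower().rstrip("."), name.lower().rstrip(".")
    if p == n:
        return True
    p_labels, n_labels = p.split("."), n.split(".")
    if p_labels[0] != "*" or len(p_labels) != len(n_labels) or len(p_labels) < 3:
        return False
    return p_labels[1:] == n_labels[1:]

def hostname_matches(cert: Cert, expected: Optional[str]) -> bool:
    """The check the firewall CANNOT make without the client's intended hostname."""
    if expected is None:
        raise ValueError("expected hostname unknown: identity cannot be verified")
    identifiers = cert.san_dns or [cert.subject_cn]  # CN fallback only when no SAN
    return any(_id_match(i, expected) for i in identifiers)

def firewall_view(cert: Cert) -> dict:
    """What an inline device knows: issuer verdict yes, identity verdict undecidable."""
    try:
        identity = hostname_matches(cert, None)
    except ValueError:
        identity = None
    return {"issuer_ok": issuer_trusted(cert), "identity_ok": identity}

def client_view(cert: Cert, intended_host: str) -> dict:
    """What the client knows: both checks, because it chose the hostname."""
    return {"issuer_ok": issuer_trusted(cert),
            "identity_ok": hostname_matches(cert, intended_host)}
```

A certificate from a trusted CA for the wrong host passes the only check the firewall can make, so this is exactly the gap the thread describes.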