Great Circle Associates Firewalls
(February 1998)
 


Subject: Re: SSL Proxies revisited
From: Adam Shostack <adam @ homeport . org>
Date: Sun, 8 Feb 1998 08:49:01 -0500 (EST)
To: dhesi @ rahul . net (Rahul Dhesi)
Cc: firewalls @ GreatCircle . COM
In-reply-to: <199802081023 . AA16614 @ waltz . rahul . net> from Rahul Dhesi at "Feb 8, 98 02:23:58 am"

Rahul Dhesi wrote:
| Adam Shostack <adam @ homeport . org> writes:
| 
| >I think what Joe is saying is 'Adam tunnelled his SSH
| >connections over my SSL proxy, and I want to know if I can make that
| >sort of thing harder.'
| >...Is there an SSL proxy that
| >looks beyond the CONNECT string to the first few messages sent back
| >and forth to ensure they look like client-hello, server-hello, etc?
| 
| I still wonder:  What does this achieve?  What sorts of bad things can
| you do with ssh that you cannot, with some imagination, do with http
| over SSL?

	Shrinks, for a while, the pool of people who can do it.  Then
someone with imagination will release the code, and we're back to
where we are today.  Possibly with a little protection against a
buffer overflow in the crypto libraries.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume
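
The check asked about in the thread, sketched as an added example (not code from the original post or from any proxy product): classify the first bytes each side sends after CONNECT as an SSL/TLS hello, an SSH identification string, or something else. It assumes SSLv3/TLS record framing, so SSLv2-format hellos are rejected; the function names and sample bytes are constructed for illustration. It validates message shape only, so anything carried inside a genuine SSL session still passes.

```python
import struct

HANDSHAKE, CLIENT_HELLO, SERVER_HELLO = 0x16, 1, 2
MAX_RECORD = 2 ** 14          # TLS plaintext record size limit
MIN_BODY = {CLIENT_HELLO: 41, SERVER_HELLO: 38}  # smallest legal hello bodies


def classify(data: bytes, expected: int) -> str:
    """Classify the first bytes one side sent after the proxy answered CONNECT.

    Returns 'hello', 'ssh', 'need-more' or 'other'. Only the record and
    handshake headers are checked; the payload is not decrypted or validated.
    """
    if data.startswith(b"SSH-"):              # SSH identification string
        return "ssh"
    if len(data) < 11:                        # 5 record + 4 handshake + 2 version
        return "need-more"
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    if ctype != HANDSHAKE or major != 3 or minor > 4:
        return "other"
    if not 4 <= rec_len <= MAX_RECORD:
        return "other"
    hs_type = data[5]
    hs_len = int.from_bytes(data[6:9], "big")
    if hs_type != expected or hs_len < MIN_BODY[expected]:
        return "other"
    if data[9] != 3:                          # major byte of the hello's own version
        return "other"
    return "hello"


def tunnel_allowed(client_first: bytes, server_first: bytes) -> bool:
    """Proxy policy: forward only if both sides open with the expected hello."""
    return (classify(client_first, CLIENT_HELLO) == "hello"
            and classify(server_first, SERVER_HELLO) == "hello")


def make_hello(hs_type: int, body_len: int) -> bytes:
    """Build a constructed, zero-filled hello for testing (not captured traffic)."""
    body = b"\x03\x03" + bytes(body_len - 2)
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"      # constructed sample banner
```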



