Rahul Dhesi wrote:
| Adam Shostack <adam @ homeport . org> writes:
|
| >I think what Joe is saying is 'Adam tunnelled his SSH
| >connections over my SSL proxy, and I want to know if I can make that
| >sort of thing harder.'
| >...Is there an SSL proxy that
| >looks beyond the CONNECT string to the first few messages sent back
| >and forth to ensure they look like client-hello, server-hello, etc?
|
| I still wonder: What does this achieve? What sorts of bad things can
| you do with ssh that you cannot, with some imagination, do with http
| over SSL?
Shrinks, for a while, the pool of people who can do it. Then
someone with imagination will release the code, and we're back to
where we are today. Possibly with a little protection against a
buffer overflow in the crypto libraries.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
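
Added example, not part of the original thread: one way a proxy could perform the check asked about above, classifying the first client bytes relayed after CONNECT as a TLS/SSL client hello, an SSH banner, or something else. The function names, policy labels and sample bytes are constructed for illustration; the check looks at framing only, which is the limited, temporary protection the reply describes.

```python
import struct

def classify_tunnel_start(data: bytes) -> str:
    """Classify the first client bytes relayed after CONNECT is accepted."""
    if data.startswith(b"SSH-"):
        return "ssh-banner"            # SSH identification string
    if len(data) < 6:
        return "need-more-data"
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    # TLS/SSLv3 record: type 0x16 (handshake), version 3.x, length <= 2^14
    if ctype == 0x16 and major == 3 and minor <= 4 and 4 <= rec_len <= 2**14:
        if data[5] != 0x01:            # first handshake message must be client_hello
            return "not-tls"
        if len(data) < 9:
            return "need-more-data"
        hs_len = int.from_bytes(data[6:9], "big")
        # Strict: a hello fragmented across records is legal but rejected here.
        return "tls-client-hello" if hs_len + 4 <= rec_len else "not-tls"
    # SSLv2-format hello: high bit set on length, msg type 1, then client version
    if data[0] & 0x80 and data[2] == 0x01 and (data[3] == 3 or data[3:5] == b"\x00\x02"):
        return "sslv2-client-hello"
    return "not-tls"

def proxy_decision(data: bytes) -> str:
    """Hypothetical policy: relay only tunnels that open with a client hello."""
    kind = classify_tunnel_start(data)
    if kind == "need-more-data":
        return "wait"
    return "allow" if kind in ("tls-client-hello", "sslv2-client-hello") else "deny"

def sample_client_hello() -> bytes:
    """Constructed bytes with ClientHello framing (not a captured message)."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    for label, first in [("constructed hello", sample_client_hello()),
                         ("constructed ssh banner", b"SSH-2.0-OpenSSH_8.9\r\n"),
                         ("constructed http", b"GET / HTTP/1.1\r\n")]:
        print(label, "->", classify_tunnel_start(first), "->", proxy_decision(first))
```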