On 10/1/09 00:48, someone wrote:
Hi Ian,
First and foremost all the best for 2009!
But, have you seen this article:
http://www.informationweek.com/news/hardware/reviews/showArticle.jhtml?articleID=206904763
this bit on page 2:
======================
The App-ID capability, while quite impressive, wouldn't be of much use
without the PA-4050's other neat trick: SSL decryption. Using a
man-in-the-middle attack for the power of good, the PA-4050 proxies SSL
connections and generates a new certificate on the fly that it sends to
the client, impersonating a secure server. Because the firewall has the
network traffic in plain text in between decryption and re-encryption
with its self-generated certificate, it can apply the full range of
security policies to the traffic. In order for this to be transparent to
users, IT will need to distribute the firewall's root certificate to all
client computers, a process that could be automated.
======================
I'm asking you is this by any means legal?
(good question! and better questions behind that!)
iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
