1997-03-24 - Re: Security of SSL proxies

Header Data

From: Jeff Barber <jeffb@issl.atl.hp.com>
To: trei@process.com
Message Hash: cc23fe115266b18204fa21ff388c00ceeea3c599803eb82761cc13f8c03f8aa3
Message ID: <199703241638.LAA16180@jafar.issl.atl.hp.com>
Reply To: <199703241526.HAA07715@toad.com>
UTC Datetime: 1997-03-24 16:28:59 UTC
Raw Date: Mon, 24 Mar 1997 08:28:59 -0800 (PST)

Raw message

From: Jeff Barber <jeffb@issl.atl.hp.com>
Date: Mon, 24 Mar 1997 08:28:59 -0800 (PST)
To: trei@process.com
Subject: Re: Security of SSL proxies
In-Reply-To: <199703241526.HAA07715@toad.com>
Message-ID: <199703241638.LAA16180@jafar.issl.atl.hp.com>
MIME-Version: 1.0
Content-Type: text/plain

Peter Trei writes:
> pgut001@cs.auckland.ac.nz (Peter Gutmann) writes:
> > A number of vendors are now selling SSL proxies which implement secure 
> > tunnelling for web browsers using a non-crippled SSL implementation running on 
> > the client machine.

> I'm a little confused by your use of the term 'SSL proxy'. Netscape 
> defined an extension to HTTP to allow SSL traffic through a firewall:
> the encrypted request is prepended (in clear) with the actual 
> destination IP address and port. The firewall proxy then opens a 
> TCP/IP channel to the actual destination/port, and blindly relays packets
> between the actual destination and the browser until one side or the
> other shuts down the link.

> Or are you talking about something entirely different? 

Something different.  There are several products that are designed to
improve the strength of the encryption securing the connection between
the browser and server.  Here are a couple of URLs with more info:


I believe there are a couple of other competitors as well, but don't 
know the URLs.

-- Jeff