> > This is a really bad model. You are putting all of the client's
> > secret keys in a place where they will be vulnerable to attack.
> >
> > Why does the connection between the Client and the CGI Proxy have to
> > be protected by SSL such that the CGI Proxy can view the data?
>
>
> This is a bad model, I think too... but
>
> Until now, my customers have used end-to-end SSL connections in their system.
> Their www servers use client authentication.
> And now, we propose the introduction of Trusted OS into the front end of
> their system.
> If we reconstruct their system on Trusted OS, all goes well.
> But they don't want to modify their system.
>
> If we introduce Trusted OS, the end-to-end SSL connection is divided,
> client to Trusted OS and Trusted OS to backend www server.
> So I decided to develop CGI Proxy.
>
> I put all of the client's secret keys in a place.
> But the machine's OS that holds all keys is Trusted OS.
> So I think that their secret keys are safe...maybe.
>
This is all wrong. It doesn't matter if the proxy machine is a
trusted OS or not if you are using end to end SSL connections. The
authentication of the end box via verification of its certificate will
ensure that there is no man in the middle.

If the proxy is on a Trusted OS, that is great.  But it doesn't change
the security model one bit. The proxy should not be interfering with
the end to end properties of SSL.

Jeffrey Altman * Sr.Software Designer
The Kermit Project * Columbia University
612 West 115th St * New York, NY * 10025 * USA
http://www.kermit-project.org/ * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
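
One way a front-end box can sit in the path without dividing the SSL connection, as an added example that is not part of the original thread: a relay that forwards the encrypted byte stream untouched, so it holds no client keys and certificate verification still happens between the real endpoints. The names `relay` and `demo` and the sample record bytes are constructed for illustration.

```python
import selectors
import socket
import threading

def relay(client, backend, bufsize=16384):
    """Copy raw bytes both ways until both sides close; return byte counts.
    No SSL library or key is used: the handshake stays between the endpoints."""
    peer = {client: backend, backend: client}
    label = {client: "client_to_backend", backend: "backend_to_client"}
    counts = dict.fromkeys(label.values(), 0)
    sel = selectors.DefaultSelector()
    for sock in peer:
        sel.register(sock, selectors.EVENT_READ)
    while sel.get_map():  # loop until both read sides have reached EOF
        for key, _ in sel.select():
            src = key.fileobj
            try:
                data = src.recv(bufsize)
                if data:
                    peer[src].sendall(data)  # forwarded unmodified
            except ConnectionError:
                data = b""  # reset or broken pipe: treat as end of stream
            if data:
                counts[label[src]] += len(data)
                continue
            sel.unregister(src)
            try:
                peer[src].shutdown(socket.SHUT_WR)  # pass the half-close on
            except OSError:
                pass
    sel.close()
    return counts

def demo():
    """Send one constructed TLS-shaped record through relay() over socketpairs."""
    c_app, c_proxy = socket.socketpair()   # stands in for client <-> proxy
    b_proxy, b_app = socket.socketpair()   # stands in for proxy <-> backend
    counts = {}
    t = threading.Thread(target=lambda: counts.update(relay(c_proxy, b_proxy)))
    t.start()
    record = b"\x16\x03\x01\x00\x04\xde\xad\xbe\xef"  # constructed bytes, not a real ClientHello
    c_app.sendall(record)
    c_app.shutdown(socket.SHUT_WR)
    seen = b""
    while chunk := b_app.recv(4096):
        seen += chunk
    b_app.shutdown(socket.SHUT_WR)
    t.join(5)
    return seen == record, counts
```

Calling `demo()` shows the backend side receiving exactly the bytes the client side sent; in a deployment the two sockets would be the accepted client connection and a TCP connection to the backend www server.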