> I do not believe there is an error in my logic.
> You are using the client's trust of the Proxy
> to bootstrap whether or not the client trusts
> the Host with whom it is attempting to communicate
> securely.
If I put 'www.foo.com' in my browser, I want to make sure I reach the
server o
Marton Anka wrote:
The client cannot trust the host because the client is not verifying
the Host's certificate.
The client has no way of knowing whether or not the proxy server has
been compromised. Therefore it is not acceptable
to trust the proxy to decrypt and reencrypt the data. You have
Jeffrey,
thanks for responding.
> Is your goal to pay for one Verisign certificate and be able to use it
> for a large number of privately generated free certificates which would
> not be trusted by the client?
No, not at all. We're not trying to save a few hundred dollars by doing
this. This is ju
Marton Anka wrote:
Hello,
I am trying to solve a very peculiar problem. In my application, there
are three players:
1. Client - runs a regular web browser.
2. Proxy - runs my proxy application with OpenSSL 0.9.7c
3. Host - runs my host application wit
>
> Question: Why the proxy? Perhaps a simple NAT router would suffice.
>
It's due to the nature of our application. I really can't get into
details here.
I have been contacted by one of the OpenSSL developers via email as a
response to my yesterday's post. We're discussing this privately - but
Question: Why the proxy? Perhaps a simple NAT router would suffice.
On Feb 17, 2004, at 1:03 PM, Marton Anka wrote:
The second question is, can this be improved? For example, can we get
rid of the decryption/re-encryption phase? Can I somehow manage to get
both Host and Client to negotiate th