[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: BetterPrivacy - necessary?

grarpamp wrote:
As usual, it would be awesome to have a tool that could de and re
encapsulate https so that proxies and caches could do their thing with it.

I am very far from an expert in these matters, but it would seem to me that the ability to do so without the explicit cooperation of the browser (or other client) would indicate that your attempt at end-to-end encryption was hopelessly broken. If you could de/re-encapsulate then so could any other man-in-the-middle, and you would never be the wiser.

But I do understand the usefulness of what you suggest. The only way I can see of doing it that had any possibility of being secure would be if A) your proxy/cache handled the real end-to-end encryption/authentication with the website, and B) there was a plugin (or built-in functionality) on the browser that maintained a secure AND AUTHENTICATED connection with the proxy/cache. I.e. the browser would have to be aware of what was going on and would suspend its verification of the website's certificate while insisting that it authenticate that it was talking to the approved proxy/cache which is tasked with the secure communication to the website. If the proxy/cache detected a problem with the website's certificate, then it would have to have a way of signalling this, perhaps just by serving up its own page with the relevant information.

That's the best I can come up with.  Comments?


To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/