vectro@pipeline.com wrote:
> Why couldn't the proxy perform a man-in-the-middle attack on the
> connection?

By definition the proxy is a man-in-the-middle if it decrypts the data
stream. However, in view of SSL the proxy is the endpoint in such cases,
so in fact it is not...

Note that the proxy can only decrypt the data stream if it knows the
private SSL key for the domain name. If it doesn't, then the SSL channel
will fail identifying the server, and the browser brings up a notice
dialog telling the fact.

--
Henrik Nordstrom
Squid hacker

Received on Mon May 29 2000 - 09:32:21 MDT