XML.orgXML.org
FOCUS AREAS |XML-DEV |XML.org DAILY NEWSLINK |REGISTRY |RESOURCES |ABOUT
OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
Re: [xml-dev] 2007 Predictions
Original Message From: "Richard Salz"
>> (It's probably been covered before, but...) I find it interesting that
> using
>> HTTPS allows some security, but it does mean that any perimeter firewall
> can
>> not inspect the contents of an exchange.
>
> Because of this, SSL is usually terminated in the DMZ.  If necessary, a
> new SSL connection will be set up from the DMZ device to the internal
> system. ...

I was actually referring to the firewall at the client end of the 
connection.

(I didn't reply earlier as I was trying to work out how an HTTPS connection 
goes through a proxy.  It seems the risk is still there.  A draft version of 
RFC2817 was called "Tunneling TCP based protocols through Web proxy 
servers", and the security considerations section mentions the 
vulnerability.)

Pete.
--
=============================================
Pete Cordell
Tech-Know-Ware Ltd
for XML to C++ data binding visit
http://www.tech-know-ware.com/lmx
(or http://www.xml2cpp.com)
=============================================
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS