BetterPrivacy - necessary?
Jim
Jimmymac at copper.net
Sat Oct 2 06:11:20 UTC 2010
grarpamp wrote:
> As usual, it would be awesome to have a tool that could de- and re-
> encapsulate https so that proxies and caches could do their thing with it.

I am very far from an expert in these matters, but it would seem to me
that the ability to do so without the explicit cooperation of the
browser (or other client) would indicate that your attempt at end-to-end
encryption was hopelessly broken. If you could de/re-encapsulate then
so could any other man-in-the-middle, and you would never be the wiser.

But I do understand the usefulness of what you suggest. The only way I
can see of doing it that had any possibility of being secure would be if
A) your proxy/cache handled the real end-to-end
encryption/authentication with the website, and B) there was a plugin
(or built-in functionality) on the browser that maintained a secure AND
AUTHENTICATED connection with the proxy/cache. I.e. the browser would
have to be aware of what was going on and would suspend its verification
of the website's certificate while insisting that it authenticate that
it was talking to the approved proxy/cache which is tasked with the
secure communication to the website. If the proxy/cache detected a
problem with the website's certificate, then it would have to have a way
of signalling this, perhaps just by serving up its own page with the
relevant information.

That's the best I can come up with. Comments?

Jim