

espaeth

reply to funchords
Re: Past BBR stories established Nebuad only monitoring

said by funchords:

> The device is inserted in the middle, so it can see the entire transaction, including the cryptographic key exchange.
>
> That said, I have no evidence that it decrypts https, and I personally believe that it would use precious CPU time in a middlebox where processing speed must be an issue.

To be able to decrypt the conversation you need the private key (stored only on the hosting server/load balancer) that matches up with the public key served up in the https negotiation process.

The SSL cert also needs to match up as being issued by one of the default Certificate Authorities that had their authentication keys distributed with the web browser software.

Corporate SSL decoding solutions like that provided by Bluecoat work by having a "special" CA key installed on each of the client machines so that the appliance can spoof the https negotiation of valid Internet sources and have the public SSL key authenticate with the "special" CA that gets installed to the web browser so that the user never sees a pop-up to clue them in to the practice. Where you can notice this is if you look at the SSL cert details itself in the browser you will see that sites like Yahoo would be certified by some mystery CA instead of Verisign/Equifax/GeoTrust/Thawte/etc. The scary thing is that in a corporate environment this key can be distributed very easily/silently through Active Directory.

To be honest, the whole thing creeps me out and I'm usually pretty liberal in my view on acceptable practices in networking.
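
The check described in the post above (look at who issued the certificate rather than whether the browser warns), as an added example that is not part of the original post. The function names, the baseline table, the host name and both sample certificates are constructed for illustration; the samples use the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import socket
import ssl

def issuer_fields(cert):
    """Flatten the 'issuer' entry of a getpeercert() dict into {field: value}."""
    return {k: v for rdn in cert.get("issuer", ()) for (k, v) in rdn}

def fetch_cert(host, port=443, timeout=5.0):
    """Return the validated leaf certificate dict that the network path presents."""
    ctx = ssl.create_default_context()  # uses the local trust store, added CAs included
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def check_issuer(host, cert, expected):
    """Return (status, issuer_org): 'ok', 'unexpected-issuer' or 'no-baseline'."""
    org = issuer_fields(cert).get("organizationName", "")
    want = expected.get(host.lower())
    if want is None:
        return ("no-baseline", org)
    if org.casefold() in {w.casefold() for w in want}:
        return ("ok", org)
    return ("unexpected-issuer", org)

# Constructed baseline: issuer organizations recorded for each host from a clean network.
EXPECTED = {"www.example.com": {"VeriSign, Inc.", "Thawte"}}

def _cert(org, cn):
    """Build a constructed sample in the dict shape getpeercert() returns."""
    return {"subject": ((("commonName", "www.example.com"),),),
            "issuer": ((("countryName", "US"),),
                       (("organizationName", org),),
                       (("commonName", cn),))}

DIRECT = _cert("VeriSign, Inc.", "Constructed Public CA")          # constructed
PROXIED = _cert("Example Corp IT", "Example Corp Web Proxy CA")    # constructed

if __name__ == "__main__":
    # Both samples would pass validation on a machine that trusts the proxy CA;
    # only the issuer comparison tells them apart.
    for label, cert in (("direct", DIRECT), ("proxied", PROXIED)):
        print(label, check_issuer("www.example.com", cert, EXPECTED))
    # Live use (needs network): check_issuer(h, fetch_cert(h), EXPECTED)
```
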