Hi Amos,
>> I didnt know this. Might it be that they are confused and that they
>> might be using Kerberos or something like that that in essence is based
>> in certificates?
>
> What do you mean by "they" being confused? You earlier said you were
> setting this up. My answer was based around your question.
Yes, we are setting this on our own but on premise of certain specs.
I was asked to see if it was possible to do the same "through the proxy"
as other team is doing with end "web sites"
> They likely do it similar or the same way Squid does. With MITM and
> generating a new fake certificate. You asked for ways to do it *without*
> MITM, and relaying on a specific existing client certificate set at the
> browser end of the transaction. The fake certs used in MITM do not pass
> validation such as a server checking for specific client certs does.
Mmm, I understand this is only doable with a MITM deployment as in
essence you would be forging the original user. I raised the question
that this was a security concern bby itself, but I believe would be the
only way.
-- Jaime Nebrera - jnebrera_at_eneotecnologia.com Consultor TI - ENEO Tecnologia SL C/ Manufactura 2, Edificio Euro, Oficina 3N Mairena del Aljarafe - 41927 - Sevilla Telf.- 955 60 11 60 / 619 04 55 18Received on Tue Mar 15 2011 - 10:04:57 MDT
This archive was generated by hypermail 2.2.0 : Tue Mar 15 2011 - 12:00:01 MDT