Nonrepudiation - in some sense
Ben Laurie
ben at algroup.co.uk
Fri Feb 10 14:49:59 EST 2006
leichter_jerrold at emc.com wrote:
>>From a description of the Imperva "SecureSphere" technology. Imperva makes
> firewalls that can "look inside" SSL sessions:
>
> SSL Security that Maintains Non-Repudiation
>
> SecureSphere can inspect the contents of both HTTP and HTTPS
> (SSL) traffic. SecureSphere delivers higher HTTPS performance
> than competing reverse proxy point solutions because
> SecureSphere decrypts SSL encrypted traffic but does not
> terminate it. Therefore SecureSphere simply passes the encrypted
> packets unchanged to the application or database server. This
> eliminates the overhead of re-packaging (i.e. changing) the
> communications, re-negotiating a new SSL connection to the
> server, and re-encrypting the information. Moreover, it
> maintains the non-repudiation of transactions since the
> encrypted communication is between client and application with
> no proxy acting as middleman.
Firstly, even if you believe that _any_ crypto provides non-repudiation
(see http://www.apache-ssl.org/tech-legal.pdf for a paper I co-authored
on this and other stuff - executive summary: I don't believe it), you
can't "maintain" the non-repudation of SSL because it doesn't provide
non-repudation.
Secondly, obviously, you can only decrypt SSL if you have the private
key, so presumably this is referring only to incoming SSL connections.
Cheers,
Ben.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list