I absolutely agree. A database hack can be MUCH more valuable than just
traffic interception. Some large financial institutions I have worked with
on this have been more concerned about the "ease" of the hack for an insider
though. For instance, it takes some degree of skill to hack the DB and
pull down all the CC numbers. On the other hand, the skill level required
to put a sniffer between two nodes and capture packets is far less.
Although it does imply a trust issue (employee-employer) is gone and
physical security at the site has been violated.
So fundamentally I think we are in agreement that SSL termination is not a
"bad" thing provided the designs they are deployed within conform to a
reasonable level of security.
dg
------------------------------------------
Douglas Gourlay
W- 415.371.2345
C- 415.269.3684
-----Original Message-----
From: francis@localhost.localdomain
[mailto:francis@localhost.localdomain]On Behalf Of John Stracke
Sent: Friday, September 08, 2000 2:45 PM
To: wrec@cs.utk.edu
Subject: Re: Middlebox Features
Douglas Gourlay wrote:
> The key design
> considerations this generates are more in the security space. I say this
> because how we choose to deal with this "used to be encrypted" data after
> termination is a concern that will plague the end-user of a commerce site.
Yes, but we have similar concerns today, because the transaction records are
normally stored in plaintext. For most commerce sites, it's probably easier
to
break into the database than to intercept network traffic (more lucrative,
too,
since you can get more data in a short time).
-- /================================================================\ |John Stracke | http://www.ecal.com |My opinions are my own. | |Chief Scientist |===============================================| |eCal Corp. |"What we have here is a failure to assimilate."| |francis@ecal.com|--Cool Hand Locutius | \================================================================/
This archive was generated by hypermail 2b29 : Thu Nov 18 2004 - 11:21:29 MST