[iwar] SSL Accelerators?

From: Tony Bartoletti (azb@llnl.gov)
Date: 2001-06-06 14:16:12


Return-Path: <sentto-279987-1300-991861729-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Wed, 06 Jun 2001 14:10:08 -0700 (PDT)
Received: (qmail 18057 invoked by uid 510); 6 Jun 2001 20:09:59 -0000
Received: from hm.egroups.com (208.50.99.198) by 204.181.12.215 with SMTP; 6 Jun 2001 20:09:59 -0000
X-eGroups-Return: sentto-279987-1300-991861729-fc=all.net@returns.onelist.com
Received: from [10.1.4.53] by hm.egroups.com with NNFMP; 06 Jun 2001 21:08:49 -0000
X-Sender: azb@llnl.gov
X-Apparently-To: iwar@yahoogroups.com
Received: (EGP: mail-7_1_3); 6 Jun 2001 21:08:48 -0000
Received: (qmail 40180 invoked from network); 6 Jun 2001 21:08:48 -0000
Received: from unknown (10.1.10.26) by l7.egroups.com with QMQP; 6 Jun 2001 21:08:48 -0000
Received: from unknown (HELO smtp-2.llnl.gov) (128.115.250.82) by mta1 with SMTP; 6 Jun 2001 21:08:48 -0000
Received: from poptop.llnl.gov (localhost [127.0.0.1]) by smtp-2.llnl.gov (8.9.3/8.9.3/LLNL-gateway-1.0) with ESMTP id OAA17492 for <iwar@yahoogroups.com>; Wed, 6 Jun 2001 14:08:47 -0700 (PDT)
Received: from catalyst.llnl.gov (catalyst.llnl.gov [128.115.222.68]) by poptop.llnl.gov (8.8.8/LLNL-3.0.2/pop.llnl.gov-5.1) with ESMTP id OAA08909 for <iwar@yahoogroups.com>; Wed, 6 Jun 2001 14:08:47 -0700 (PDT)
Message-Id: <4.3.2.7.2.20010606140155.00b18cc0@poptop.llnl.gov>
X-Sender: e048786@poptop.llnl.gov
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
To: iwar@yahoogroups.com
In-Reply-To: <200106061128.EAA29798@all.net>
References: <86F477BCF025D411912F00508BACC30A02DC1588@alpha.bookham.com>
From: Tony Bartoletti <azb@llnl.gov>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Wed, 06 Jun 2001 14:16:12 -0700
Reply-To: iwar@yahoogroups.com
Subject: [iwar] SSL Accelerators?
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Fred,

This seem relevant to the packet-routing, DDoS issue.  The following link 
was recently brought to my attention:

     <http://biz.yahoo.com/rf/010606/n05130335_2.html>http://biz.yahoo.com/rf/010606/n05130335_2.>html

It is a product called "SonicWall" intended for routers, that claims to 
speed up the efficient delivery of SSL packets, in a manner that makes me 
nervous and suspicious.  Perhaps I just don't understand what this is 
about.  A quote from the bottom of the page reads:

"...when a Web site encrypts information for security, such as credit card 
and account numbers, the routers can't tell what they are and direct them 
accordingly. This slows the flow of sensitive information. The SSL 
accelerators can remove the encryption of the packets so the routers can 
categorize them and then re-encrypt them so the routers can send them on 
their way securely."

Seems like a Big Hole to me.  I assume the routers in question would be 
under the control of the same party that hosts the web site, so perhaps 
that mitigates some concerns.  Still, I don't understand the rationale for 
the "can't ... direct them accordingly" part of it.

Just Thought I'd Share :)

___tony___
Tony Bartoletti 925-422-3881 <azb@llnl.gov>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900





------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:15 PDT