it seems that some network IPS devices and application firewalls are not only providing SSL based HTTP inspection on server side, but also on client side (i know of one IPS device which is in beta testing). i understand that it is required as attacks can be sent in SSL to avoid blocking.
when deployed on client side, these devices resign certificates (of public servers) with local CA certificate. i see two aspects to it - users need to trust local authority (enterprise administrators) and second is users will have false sense of security (that is users are no longer see the actual CA of server certificate). any comments on acceptance of this functionality in enterprise deployments? is there any standard mechanism (in SSL standard or in HTTP standard) to send actual CA certificate to the browser by forward proxies? thanks Ravi ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
