On Mon, 2001-12-24 at 10:29, Michael Beattie wrote:
> On Mon, Dec 24, 2001 at 09:16:53AM +1200, [EMAIL PROTECTED] wrote:
> > https is just http over ssl and can be proxied, it's simply tunnelled
> > between the client and server via the proxy... (as long as the proxy
> > has a full ssl implementation)
>
> Er, no it cannot. SSL is only secure if the host keys are exchanged
> secretly. And there is no advantage to proxying the connection anyway,
> since the data transferred is encrypted, and cannot be cached.

SSL uses public-private key encryption to share session keys. Typically the server uses a key that is signed by a certificate authority (CA) such as Verisign. The public key for a commercial CA should be included in the browser so it does all the verification for you. The downside is having to pay an extortionate amount for the CA to sign your key. For a home server you can probably get away with a self-signed certificate. Your browser will warn you but you can still use the site and the connection will be encrypted.

>
> If you know of an https proxy, or you use one, then ok, I'll take that
> back, but I'll take rights to call you an idiot if you do use one.
>

A proxy such as Squid will tunnel HTTPS connections. By the nature of the protocol a proxy cannot decrypt the connection so you are safe from prying eyes.

As I said earlier, if you are setting up your own HTTPS server for webmail a self-signed certificate is usually fine. But if you are setting up an e-commerce server then a commercial CA that is supported by the main web browsers is essential.

Back to the original question regarding webmail/POP3. Wifey probably shouldn't be using POP3 to access email from cyber-cafes. For one thing, cyber-cafes probably don't have a POP3 email client installed, for these reasons:

1. You have to configure it to download mail, and cyber-cafes typically tighten their machines up so users can't stuff them up.
2. You download mail (bad idea unless you really know how to remove it from the system).
3. If you don't remember to remove your mail configuration the next guy can view all your mail (and probably send mail as you also!)

Web mail is what you want. All you need is a browser and no configuration from the client end is required. If you don't want to set up a web mail server yourself, forward your mail to any of the many webmail services available (e.g. Hotmail). You'll probably find your ISP has a web mail service available you can use.

> Mike.
> --
> Michael Beattie <[EMAIL PROTECTED]>
>
> yip yip yip yip yip yip yap yap yip *BANG* NO TERRIER

--
regards,
Kerry.
---------------------------------------------------------------------
Kerry Baker                       Ph:    +64 (4) 470 5843
Consultant                        Fax:   +64 (4) 472 7219
Optimation New Zealand Limited    Mob:   +64 (25) 308 647
1 Grey Street                     Email: [EMAIL PROTECTED]
Level 2, Optimation House         Web:   www.optimation.co.nz
Wellington

NOTE: This electronic mail message together with any attachments is confidential. If you are not the intended recipient, please e-mail us immediately and destroy this message. You may not copy, disclose or use the contents in any way. Thank you.
