On Tuesdayen den 26 March 2002 16.33, Balazs Scheidler wrote: > Providing a client certificate to the server is not very common, if it is > required a tunnel can be opened to that _specific_ server, and nothing > else. > > So using a real decrypting HTTPS proxy for general https traffic, and > opening holes to specific destinations is definitely more secure than a > simple 'pass-through' hole in the firewall.
You missed the point here. Using a decryption HTTPS proxy invalidates both the use of client certificates AND the use of server certificates, which makes the use of SSL somewhat pointless. Further, unless the proxy runs it's own CA trusted by the browsers then the users will always be warned that the server certificate is invalid when using such proxy. Regards Henrik Nordström
