Cloudflare announces keyless SSL
Cloudflare says they can provide service to you with SSL without your private key. It sounds to me like an IPSEC/GRE tunnel to your server.
Comments
It is a really cool concept, but you should read their post fully; they put a pretty accurate description of it.
Next news. Google buys Cloudflare? Looks like every tech company doing a good job will be bought by Google.
Doesn't look like Google. Maybe OVH.
At first, I read it on my phone. Couldn't really see the picture. Later, when I looked at the picture clearly, I understood what they are doing. But still curious, could Cloudflare know too much about the encrypted content?
I would imagine, with regard to the encrypted content, they know the source and destination; if you're paranoid, it would be possible to sniff the unencrypted traffic.
What are the SSL premaster and session key used for? These two pieces of information are what Cloudflare has unencrypted according to the flow chart.
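What the premaster secret and the session keys are for, as an added example that is not part of the thread and not Cloudflare's code: the TLS 1.2 key derivation from RFC 5246, assuming an RSA key exchange and an AES-128-GCM cipher suite, run on constructed sample values. It shows that whoever holds the premaster secret, plus the two hello randoms that cross the wire in cleartext, can derive the keys that encrypt the traffic without ever holding the private key.

```python
import hashlib
import hmac

def p_sha256(secret, seed, length):
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(A(i) + seed)
    return out[:length]

def master_secret(premaster, client_random, server_random):
    """48-byte master secret: PRF(premaster, "master secret", CR + SR)."""
    return p_sha256(premaster, b"master secret" + client_random + server_random, 48)

def derive_session_keys(premaster, client_random, server_random):
    """Session keys for an AES-128-GCM suite: two 16-byte keys, two 4-byte IV salts.

    Note the seed order flips to SR + CR for the key expansion step.
    """
    master = master_secret(premaster, client_random, server_random)
    block = p_sha256(master, b"key expansion" + server_random + client_random, 40)
    return {
        "client_write_key": block[0:16],
        "server_write_key": block[16:32],
        "client_write_iv": block[32:36],
        "server_write_iv": block[36:40],
    }

# Constructed sample values (not captured from any real handshake).
CLIENT_RANDOM = bytes(range(32))         # sent in cleartext in ClientHello
SERVER_RANDOM = bytes(range(32, 64))     # sent in cleartext in ServerHello
PREMASTER = b"\x03\x03" + bytes(46)      # version bytes + 46 bytes chosen by the client

if __name__ == "__main__":
    # Everything below is computable by any party that has the premaster secret.
    for name, value in derive_session_keys(PREMASTER, CLIENT_RANDOM, SERVER_RANDOM).items():
        print(f"{name}: {value.hex()}")
```

The private key is only needed to recover the premaster secret from the client's encrypted key exchange message; every later step uses symmetric keys derived as above.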
Does not look like a revolutionary thing. They simply extend the chain and put the padlock in the premises of the customer so the customer can keep the key private.
https://github.com/dlundquist/sniproxy
Is this the thing?
I would do that using this for sure.
But how are they going to prevent Layer 7 based attacks... since they can't inspect the data packets without decrypting them?
That is a broad range of possible attacks. Depending on what you have in mind, there are ways. The only way that could be compromised is through compromising the machine running the webfront and the actual SSL stack, or somehow hijacking the IP if the admins are really stupid and only use IP-based ACLs.
A scenario with a compromised web server is entirely possible, but, again, that can happen even if the server is located at home, in the basement, a special safe room with Fort Knox like guarding or even a spaceship orbiting the earth.