Re: Anybody know how https *really* works? I didn't think so
On Oct 29, 3:44 am, "FromTheRafters" <erra...@nomail.afraid.org>
> "RayLopez99" <raylope...@gmail.com> wrote in message
> > So my book on https and Windows Communication Foundation technology
> > says that if any computer between your SSL certificate secured
> > computer and the client machine reading this certificate does not
> > support SSL, then the entire https link is not secure and your data
> > can be compromised. That makes no sense to me, because I thought the
> > entire data stream is encrypted, but that's what it says. And I've
> > even seen this on the net.
> Encryption is only as secure as the key management system is.
Nope, Shiite->4Brains, that's NOT what we are talking about. Try
again. We are talking about HTTPS, not key management. Yes, it's
true that key management is only as secure as the lock on your door to
the secondary storage holding said keys, but again, that's not at
> > So why do people blindly trust SSL and HTTPS as if it's unbreakable?
> Because they don't understand security as it pertains to encryption (or
> vice versa).
> > Is it because most traffic goes through at most two or three hops, and
> > likely these hops are up-to-date and support SSL?
Right. ???. That's your value add to this debate: ???. That should
be your middle name: ??? The Reflex.
> > Even if so, you're taking a risk that somewhere between somebody will
> > fail to support SSL and your message will be unencrypted.
> It just unencrypts, like that?
Yes, just like that. What you fail to understand (among your many
other failures) is the difference between message level security and
transport level security. HTTPS is the latter not the former. Here's
a reference for you to 'bone up' on, bonehead: (http://
security. A secure transport, such as Secure Sockets Layer (SSL) works
only when the communication is point-to-point. If the message is
routed to one or more SOAP intermediaries before reaching the ultimate
receiver, the message itself is not protected once an intermediary
reads it from the wire. Additionally, the client authentication
information is available only to the first intermediary and must be
transmitted to the ultimate receiver in out-of-band fashion, if
necessary. This applies even if the entire route uses SSL security
between individual hops. Because message security works directly with
the message and secures the XML in it, the security stays with the
message regardless of how many intermediaries are involved with the
message before it reaches the ultimate receiver. This enables true end-
to-end security scenario.”)
> ...I don't think so.
You *STILL* don't think so, even after reading the above? Man youz
> > Bet most if not all of you reading this thread did not know this. So
> > called experts, right.
> I don't think that you really fully understand what you are talking
> about, so it seems ironic when you lamely attempt to insult and troll
> those you somehow believe to be *experts* in so many disparate
> crossposted groups.
NOT. I hope you learned something from this thread, dopehead.
Anybody else? C'mon down! Insults are free of charge.
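
An added illustration (not part of the original post or of the reference it quotes) of the transport-level versus message-level distinction in the quoted passage: per-hop HMACs stand in for the SSL session on each hop, and an end-to-end HMAC stands in for a message-level signature. All keys, function names and the message body are constructed for this sketch, and it covers integrity only, not confidentiality.

```python
import hashlib
import hmac
import json

# Constructed demo keys (assumptions, not real protocol material).
HOP1_KEY = b"client<->intermediary session key"   # stands in for SSL session on hop 1
HOP2_KEY = b"intermediary<->service session key"  # stands in for SSL session on hop 2
E2E_KEY = b"client<->service message key"         # never given to the intermediary

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def hop_send(hop_key, payload):
    """Transport protection: only valid for a single hop."""
    return {"payload": payload.decode(), "hop_mac": mac(hop_key, payload)}

def hop_receive(hop_key, frame):
    payload = frame["payload"].encode()
    if not hmac.compare_digest(frame["hop_mac"], mac(hop_key, payload)):
        raise ValueError("transport integrity check failed")
    return payload

def client_build(body, sign):
    msg = {"body": body}
    if sign:  # message-level protection travels inside the message itself
        msg["sig"] = mac(E2E_KEY, body.encode())
    return json.dumps(msg).encode()

def intermediary(frame, modify):
    # Hop 1 terminates here, so the intermediary holds the message in the clear.
    msg = json.loads(hop_receive(HOP1_KEY, frame))
    if modify:
        msg["body"] = msg["body"].replace("100", "9000")
    # A fresh, perfectly valid transport wrapper is created for hop 2.
    return hop_send(HOP2_KEY, json.dumps(msg).encode())

def service_accepts(frame, require_sig):
    msg = json.loads(hop_receive(HOP2_KEY, frame))  # hop 2 check always passes
    if not require_sig:
        return True
    return hmac.compare_digest(msg.get("sig", ""), mac(E2E_KEY, msg["body"].encode()))

def run(sign, modify):
    frame = hop_send(HOP1_KEY, client_build("amount=100;account=42", sign))
    return service_accepts(intermediary(frame, modify), require_sig=sign)

if __name__ == "__main__":
    print("transport only, body modified in transit -> accepted:", run(False, True))
    print("message signed, body modified in transit -> accepted:", run(True, True))
    print("message signed, body untouched          -> accepted:", run(True, False))
```

Both hop checks pass in every case; only the end-to-end signature lets the ultimate receiver notice that the body changed at the intermediary.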