Roy M. Silvernail[SMTP:roy@scytale.com] Given internet access from a private intranet, through an HTTP proxy out of the user's control, is it possible to establish a secure tunnel to an outside server? I'd expect that ordinary SSL connections will secure user <-> proxy and proxy <-> server separately, with the proxy able to observe cleartext. Could an SSH connection be made under these conditions? [...]
The default behavior for an SSL proxy is to pass the encrypted bytes back and forth, allowing you to connect all the way to the other server. However, it is possible for the proxy to have its own CA which has been added to your browser. Then it acts as a man in the middle and pretends to be the remote host to you, and vice versa. In that case, it works as you describe, watching the data during its interim decryption. Typically, the proxy would give you generic certificates (like "*.com"), but it could conceivably generate a certificate for each site you visit ("secure.yahoo.com", etc.). The way to tell would be to look at the issuing authority according to your browser - if it's one of the public ones, like Thawte, you've got a connection to the far end. If it's "Th4wt3", or your company's, the proxy is probably watching. Incidentally, another company that does private browsing over SSL is www.orangatango.com (along with other nifty anonymizing stuff). -J