On Sun, Jul 28, 2013 at 2:16 PM, tz <thomas@mich.com> wrote:
For those who are too young to remember, during the "crypto is munitions" period where the source to strong crypto needed to be sent via FAX, Stronghold was a proxy that would take ordinary sessions (or I assume 40 bit - yes, 40 bit, that was "export" strength) crypto on the browser end and transform it to the maximum strength on the remote end.

That was C2Net's SafePassage product; Stronghold was an Apache-based webserver capable of strong crypto SSL.

That seems like a nice idea for today - get a router running DD-WRT or a Raspberry Pi or similar to proxy all SSL connections and enforce the use of PFS, watch for CA hijinks, and otherwise make a hard shell around the soft Windows computers at the center. See, e.g., http://translate.google.com/translate?hl=en&sl=de&tl=en&u=http%3A%2F%2Fwww.heise.de%2Fct%2Fartikel%2FMicrosofts-Hintertuer-1921730.html

--
Greg Broiles
gbroiles@gmail.com (Lists only. Not for confidential communications.)