Tunneling through a hostile proxy?

[David Howe]

Roy M. Silvernail <roy at scytale.com> was seen to declaim:
> Given internet access from a private intranet, through an HTTP
> proxy out of the user's control, is it possible to establish a secure
> tunnel to an outside server?  I'd expect that ordinary SSL
> connections will secure user <-> proxy and proxy <-> server
> separately, with the proxy able to observe cleartext.  Could an SSH
> connection be made under these conditions?
Not sure if it is what you are asking - but a HTTP proxy doesn't handle
the SSL; it simply forwards the packets to the destination site, and
forwards the reply back to you; the SSL encryption is handled by your
machine and the server (the proxy doesn't touch it)
In theory, if your corporate force-included its own root key into your
browser, they could generate their own certificates on the fly and have
it work transparently - but checking who issued the cert would show that
up.