Tunneling through hostile proxy

Jason Holt jason at lunkwill.org
Tue Jul 23 11:11:04 PDT 2002


>> Roy M. Silvernail[SMTP:roy at scytale.com]
>> Given internet access from a private intranet, through an HTTP 
>> proxy out of the user's control, is it possible to establish a secure 
>> tunnel to an outside server?  I'd expect that ordinary SSL 
>> connections will secure user <-> proxy and proxy <-> server 
>> separately, with the proxy able to observe cleartext.  Could an SSH 
>> connection be made under these conditions?
[...]

	The default behavior for an SSL proxy is to pass the encrypted bytes
back and forth, allowing you to connect all the way to the other server.  
However, it is possible for the proxy to have its own CA which has been added
to your browser.  Then it acts as a man in the middle and pretends to be the
remote host to you, and vice versa.  In that case, it works as you describe,
watching the data during its interim decryption.

	Typically, the proxy would give you generic certificates (like
"*.com"), but it could conceivably generate a certificate for each site you
visit ("secure.yahoo.com", etc.).  The way to tell would be to look at the
issuing authority according to your browser - if it's one of the public ones,
like Thawte, you've got a connection to the far end.  If it's "Th4wt3", or
your company's, the proxy is probably watching.

	Incidentally, another company that does private browsing over SSL is
www.orangatango.com (along with other nifty anonymizing stuff).

					-J
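
Added example, not part of the original post: the issuer check described above, run over constructed certificates shaped like the dict returned by Python's `ssl.SSLSocket.getpeercert()`. The expected-issuer set, the sample certificates and the helper names are assumptions made for illustration.

```python
# Added example. Certificates are constructed dicts shaped like the return
# value of ssl.SSLSocket.getpeercert(); no network access is needed.
LEET = str.maketrans("013457", "oieast")  # digit-for-letter swaps, e.g. "Th4wt3"

def issuer_org(cert):
    """Return the issuer's organizationName, or "" if absent."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""

def normalize(name):
    return name.lower().translate(LEET)

def overbroad_wildcard(dns_name):
    # "*.com" spans a whole TLD; "*.yahoo.com" has a registrable domain after "*".
    return dns_name.startswith("*.") and dns_name.count(".") < 2

def assess(cert, expected_issuers):
    """List the reasons this certificate suggests the proxy is in the middle."""
    findings = []
    issuer = issuer_org(cert)
    if issuer not in expected_issuers:
        lookalike = any(normalize(issuer) == normalize(e) for e in expected_issuers)
        findings.append(("lookalike issuer: " if lookalike else "unexpected issuer: ") + issuer)
    for kind, name in cert.get("subjectAltName", ()):
        if kind == "DNS" and overbroad_wildcard(name):
            findings.append("overbroad wildcard: " + name)
    return findings

def make_cert(org, dns_name):  # hypothetical helper to build constructed samples
    return {"issuer": ((("organizationName", org),),),
            "subjectAltName": (("DNS", dns_name),)}

EXPECTED = {"Thawte"}  # assumption: issuer learned out of band for this site
DIRECT = make_cert("Thawte", "secure.yahoo.com")
PROXY_GENERIC = make_cert("Th4wt3", "*.com")
PROXY_PER_SITE = make_cert("Example Corp Proxy CA", "secure.yahoo.com")

if __name__ == "__main__":
    for label, cert in [("direct", DIRECT), ("generic", PROXY_GENERIC),
                        ("per-site", PROXY_PER_SITE)]:
        print(label, assess(cert, EXPECTED) or "issuer as expected")
```

An issuer name is only a string chosen by whoever runs the CA, so comparing the certificate fingerprint against one obtained outside the proxy is the stronger form of this check.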




