On Sun, Jul 28, 2013 at 2:16 PM, tz <[1]thomas@mich.com> wrote:

     For those who are too young to remember, during the "crypto is
     munitions" period where the source to strong crypto needed to be
     sent via FAX, Stronghold was a proxy that would take ordinary
     sessions (or I assume 40 bit - yes, 40 bit, that was "export"
     strength) crypto on the browser end and transform it to the maximum
     strength on the remote end.

   That was C2Net's SafePassage product, Stronghold was an Apache-based
   webserver capable of strong crypto SSL.
   That seems like a nice idea for today - get a router running DD-WRT or
   a Raspberry Pi or similar to proxy all SSL connections and enforce the
   use of PFS, watch for CA hijinks, and otherwise make a hard shell
   around the soft Windows computers at the center. See, e.g.,
   [2]http://translate.google.com/translate?hl=en&sl=de&tl=en&u=http%3A%2F
   %2Fwww.heise.de%2Fct%2Fartikel%2FMicrosofts-Hintertuer-1921730.html
   --
   Greg Broiles
   [3]gbroiles@gmail.com (Lists only. Not for confidential
   communications.)

References

   1. mailto:thomas@mich.com
   2. http://translate.google.com/translate?hl=en&sl=de&tl=en&u=http://www.heise.de/ct/artikel/Microsofts-Hintertuer-1921730.html
   3. mailto:gbroiles@gmail.com