Tilted Forum Project Discussion Community - View Single Post

hilbert25 · 01-21-2004, 07:41 PM

If it's working with certs, chances are your proxies aren't ssl proxies (and chances are you don't want them to be), meaning they just forward your ssl packets straight through, ssl request is unchanged with your ip address, etc.
Off the top of my head I don't know the ssl spec, but I do think it can provide both client and server authentication meaning that they can figure out who you say you are and your ip from the transactions.
SSL proxy would require breaking your SSL connection, connecting to you and then enabling it's own connection with the server. This would allow them to anonymize you over SSL, but also allow them to read all the traffic sent over. Not a good thing if your sending credit card info.
I'm pretty sure Anonymizer works because it simply browses the site you saw, and redisplays what it sees on your browser, fully breaking the connection to you and the server.

Edit- WHen I go there, I can't find where it identifies my ip address, all it does is identify me as being from Japan (where my current proxy resides).

01-21-2004, 07:41 PM	#17 (permalink)
hilbert25 Psycho Location: nOvA	If it's working with certs, chances are your proxies aren't ssl proxies (and chances are you don't want them to be), meaning they just forward your ssl packets straight through, ssl request is unchanged with your ip address, etc. Off the top of my head I don't know the ssl spec, but I do think it can provide both client and server authentication meaning that they can figure out who you say you are and your ip from the transactions. SSL proxy would require breaking your SSL connection, connecting to you and then enabling it's own connection with the server. This would allow them to anonymize you over SSL, but also allow them to read all the traffic sent over. Not a good thing if your sending credit card info. I'm pretty sure Anonymizer works because it simply browses the site you saw, and redisplays what it sees on your browser, fully breaking the connection to you and the server. Edit- WHen I go there, I can't find where it identifies my ip address, all it does is identify me as being from Japan (where my current proxy resides). Last edited by hilbert25; 01-21-2004 at 07:44 PM..