Return-Path: 
 <users-return-41844-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 53997 invoked from network); 31 May 2004 20:26:13 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur-2.apache.org with SMTP; 31 May 2004 20:26:13 -0000
Received: (qmail 62036 invoked by uid 500); 31 May 2004 20:25:51 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 62004 invoked by uid 500); 31 May 2004 20:25:50 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
list-post: <mailto:users@httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 61973 invoked by uid 99); 31 May 2004 20:25:49 -0000
Received: from [131.252.122.17] (HELO gilling.oit.pdx.edu) (131.252.122.17)
  by apache.org (qpsmtpd/0.27.1) with ESMTP; Mon, 31 May 2004 13:25:49 -0700
Received: from host-242-184.resnet.pdx.edu (host-242-184.resnet.pdx.edu
 [131.252.242.184])
	by gilling.oit.pdx.edu (8.12.10/8.12.10) with ESMTP id i4VKPdC0004127
	for <users@httpd.apache.org>; Mon, 31 May 2004 13:25:39 -0700 (PDT)
From: Karl Hegbloom <hegbloom@pdx.edu>
To: users@httpd.apache.org
Content-Type: text/plain
Date: Mon, 31 May 2004 13:27:49 -0700
Message-Id: <1086035269.18156.8.camel@bittersweet.localnet>
Mime-Version: 1.0
X-Mailer: Evolution 1.5.8 
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked
Subject: [users@httpd] Security question: MIM, transparent SSL proxy server?
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

Is it possible for someone to set up a transparent HTTPS proxy on a
network they control, and if so, would it be able to view plaintext
screens and passwords from visited sites?  (man in middle)  If not, how
is this prevented or impossible, if so, how could one know that it's
going on or detect it?

-- 
Karl Hegbloom <hegbloom@pdx.edu>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org