Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] My Bank's Web Site is Behaving Oddly



On 05/07/2016 08:25 AM, Matthew Gillen wrote:
> On 5/4/2016 5:37 PM, Kent Borg wrote:
>> -kb, the Kent who admits he doesn't know how https works through Akamai
>> and the like.
> It doesn't. Akamai is a TLS termination point.  They have the private
> keys of any domain they are proxying for, so they can act as the TLS
> endpoint.

But TLS can work through a more prosaic proxy, which could do load 
balancing and failover stuff. I guess a boring proxy can't serve up 
cached content from nearby locations, it has to pass it on encrypted to 
a machine with the the right certificate. But it could pass it on wisely 
and cleverly, couldn't it? I guess it couldn't do DDoS defense and give 
each client dedicated IP addresses, at least not IPv4 addresses.  (In a 
few weeks Apple Store is going to require ios apps work on IPv6-only 
networks.)

By the way: My old maradns i was running in-house got too old, it was 
sometimes serving up wrong answers, that was part of what I was seeing a 
week ago. Still scared of bad things I have heard about bind, I 
installed powerdns--it seems supported and in current use. I am only 
using it for authoritative local stuff, and for recursive passing 
queries on to 8.8.8.8. Seems to work so far.

-kb, the Kent who still doesn't think banks should anonymize their 
reputations.




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org