[Discuss] My Bank's Web Site is Behaving Oddly
Kent Borg
kentborg at borg.org
Sat May 7 12:46:32 EDT 2016
On 05/07/2016 08:25 AM, Matthew Gillen wrote:
> On 5/4/2016 5:37 PM, Kent Borg wrote:
>> -kb, the Kent who admits he doesn't know how https works through Akamai
>> and the like.
> It doesn't. Akamai is a TLS termination point. They have the private
> keys of any domain they are proxying for, so they can act as the TLS
> endpoint.
But TLS can work through a more prosaic proxy, which could do load
balancing and failover stuff. I guess a boring proxy can't serve up
cached content from nearby locations, it has to pass it on encrypted to
a machine with the the right certificate. But it could pass it on wisely
and cleverly, couldn't it? I guess it couldn't do DDoS defense and give
each client dedicated IP addresses, at least not IPv4 addresses. (In a
few weeks Apple Store is going to require ios apps work on IPv6-only
networks.)
By the way: My old maradns i was running in-house got too old, it was
sometimes serving up wrong answers, that was part of what I was seeing a
week ago. Still scared of bad things I have heard about bind, I
installed powerdns--it seems supported and in current use. I am only
using it for authoritative local stuff, and for recursive passing
queries on to 8.8.8.8. Seems to work so far.
-kb, the Kent who still doesn't think banks should anonymize their
reputations.
More information about the Discuss
mailing list