[Discuss] My Bank's Web Site is Behaving Oddly

[kentborg at borg.org (Kent Borg)]

On 05/07/2016 08:25 AM, Matthew Gillen wrote:
> On 5/4/2016 5:37 PM, Kent Borg wrote:
>> -kb, the Kent who admits he doesn't know how https works through Akamai
>> and the like.
> It doesn't. Akamai is a TLS termination point.  They have the private
> keys of any domain they are proxying for, so they can act as the TLS
> endpoint.

But TLS can work through a more prosaic proxy, which could do load 
balancing and failover stuff. I guess a boring proxy can't serve up 
cached content from nearby locations, it has to pass it on encrypted to 
a machine with the the right certificate. But it could pass it on wisely 
and cleverly, couldn't it? I guess it couldn't do DDoS defense and give 
each client dedicated IP addresses, at least not IPv4 addresses.  (In a 
few weeks Apple Store is going to require ios apps work on IPv6-only 
networks.)

By the way: My old maradns i was running in-house got too old, it was 
sometimes serving up wrong answers, that was part of what I was seeing a 
week ago. Still scared of bad things I have heard about bind, I 
installed powerdns--it seems supported and in current use. I am only 
using it for authoritative local stuff, and for recursive passing 
queries on to 8.8.8.8. Seems to work so far.

-kb, the Kent who still doesn't think banks should anonymize their 
reputations.