Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] My Bank's Web Site is Behaving Oddly



On Sat, May 07, 2016 at 12:46:32PM -0400, Kent Borg wrote:
> On 05/07/2016 08:25 AM, Matthew Gillen wrote:
> >On 5/4/2016 5:37 PM, Kent Borg wrote:
> >>-kb, the Kent who admits he doesn't know how https works through Akamai
> >>and the like.
> >It doesn't. Akamai is a TLS termination point.  They have the private
> >keys of any domain they are proxying for, so they can act as the TLS
> >endpoint.
> 
> But TLS can work through a more prosaic proxy, which could do load balancing
> and failover stuff. I guess a boring proxy can't serve up cached content
> from nearby locations, it has to pass it on encrypted to a machine with the
> the right certificate. But it could pass it on wisely and cleverly, couldn't
> it? I guess it couldn't do DDoS defense and give each client dedicated IP
> addresses, at least not IPv4 addresses.  (In a few weeks Apple Store is
> going to require ios apps work on IPv6-only networks.)

x509 certs don't care about IPs; the browser matches the cert's
CN (Common Name) against the domain name it was requesting.


-dsr-



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org