[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Stronghold, revisited



Way back when I was writing SSLeay encrypting proxies so Lynx could use
them, there was a commercial product called StrongHold.  I apologize for my
insufficient memory.

However much of the problem with forcing browsers to update might be solved
with an encryption proxy (on a raspi if needed).

For those who are too young to remember, during the "crypto is munitions"
period where the source to strong crypto needed to be sent via FAX,
Stronghold was a proxy that would take ordinary sessions (or I assume 40
bit - yes, 40 bit, that was "export" strength) crypto on the browser end
and transform it to the maximum strength on the remote end.

IE apparently has some problems with PFS.

One way to maybe fix this is to create an encrypting proxy that would do
full strength, PFS encryption and remove the other weaknesses, and run on
the local machine or LAN (if that isn't secure there are bigger problems).
And it would refuse or at least complain if the strength wasn't up to
snuff, and could itself add things like cert/CA validation management -
trust on first time and the rest as options.

If I had a box (DD-WRT?) that would warn me if something was amiss, I would
be in a better position.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20130728/26011aec/attachment.html>