[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Stronghold, revisited



On Sun, Jul 28, 2013 at 2:16 PM, tz <[email protected]> wrote:

> For those who are too young to remember, during the "crypto is munitions"
> period where the source to strong crypto needed to be sent via FAX,
> Stronghold was a proxy that would take ordinary sessions (or I assume 40
> bit - yes, 40 bit, that was "export" strength) crypto on the browser end
> and transform it to the maximum strength on the remote end.


That was C2Net's SafePassage product, Stronghold was an Apache-based
webserver capable of strong crypto SSL.

That seems like a nice idea for today - get a router running DD-WRT or a
Raspberry Pi or similar to proxy all SSL connections and enforce the use of
PFS, watch for CA hijinks, and otherwise make a hard shell around the soft
Windows computers at the center. See, e.g.,
http://translate.google.com/translate?hl=en&sl=de&tl=en&u=http%3A%2F%2Fwww.heise.de%2Fct%2Fartikel%2FMicrosofts-Hintertuer-1921730.html

-- 
Greg Broiles
[email protected] (Lists only. Not for confidential communications.)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20130728/eddf9910/attachment.html>