Thread: Nonrepudiation - in some sense




2006-02-10 19:49:59
leichter_jerroldemc.com wrote:
> From a description of the Imperva "SecureSphere" technology.  Imperva makes
> firewalls that can "look inside" SSL sessions:
>
>  	SSL Security that Maintains Non-Repudiation
>
>  	SecureSphere can inspect the contents of both HTTP and HTTPS
>  	(SSL) traffic.  SecureSphere delivers higher HTTPS performance
>  	than competing reverse proxy point solutions because
>  	SecureSphere decrypts SSL encrypted traffic but does not
>  	terminate it. Therefore SecureSphere simply passes the encrypted
>  	packets unchanged to the application or database server. This
>  	eliminates the overhead of re-packaging (i.e. changing) the
>  	communications, re-negotiating a new SSL connection to the
>  	server, and re-encrypting the information. Moreover, it
>  	maintains the non-repudiation of transactions since the
>  	encrypted communication is between client and application with
>  	no proxy acting as middleman.

Firstly, even if you believe that _any_ crypto provides non-repudiation
(see http://www.apache-ssl.org/tech-legal.pdf for a paper I co-authored
on this and other stuff - executive summary: I don't believe it), you
can't "maintain" the non-repudiation of SSL because it doesn't provide
non-repudiation.

Secondly, obviously, you can only decrypt SSL if you have the private
key, so presumably this is referring only to incoming SSL connections.

Cheers,

Ben.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomometzdowd.com
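
Why a recorded SSL session gives a third party nothing it can attribute to the client, as an added example that is not part of the original post: the record layer authenticates data with MAC keys that both endpoints derive from the same master secret, so every holder of that secret can produce a record that verifies as the client's. The key derivation below is a simplified stand-in for the real SSL/TLS PRF, the inspection device is assumed to have obtained the session secret by holding the server's private key, and all names and sample values are constructed.

```python
import hashlib
import hmac


def derive_mac_keys(master_secret: bytes) -> dict:
    """Simplified stand-in for the SSL/TLS key block (NOT the real PRF).
    Both directions' MAC keys come out of the one shared master secret."""
    return {
        role: hmac.new(master_secret, role.encode(), hashlib.sha256).digest()
        for role in ("client_write", "server_write")
    }


def protect(mac_key: bytes, seq: int, payload: bytes) -> bytes:
    """MAC over sequence number || payload, as a MAC-based record layer does."""
    return hmac.new(mac_key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


def verify(mac_key: bytes, seq: int, payload: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(protect(mac_key, seq, payload), tag)


def demo() -> dict:
    master = b"constructed-master-secret-for-demo"  # constructed sample value
    client = derive_mac_keys(master)   # keys the client holds
    server = derive_mac_keys(master)   # keys the server holds: identical
    device = derive_mac_keys(master)   # inspection device with the session secret (assumed)

    # A record the client really sent, checked by the server.
    sent = b"POST /transfer amount=10"
    sent_tag = protect(client["client_write"], 1, sent)

    # A record the client never sent, tagged by the server with the
    # client-direction key it also holds. It verifies exactly like a real one,
    # so the transcript cannot show an arbiter which side wrote it.
    never_sent = b"POST /transfer amount=10000"
    never_sent_tag = protect(server["client_write"], 1, never_sent)

    return {
        "sent_verifies": verify(server["client_write"], 1, sent, sent_tag),
        "never_sent_verifies": verify(client["client_write"], 1, never_sent, never_sent_tag),
        "device_same_tag": protect(device["client_write"], 1, never_sent) == never_sent_tag,
        "wrong_secret_verifies": verify(
            derive_mac_keys(b"other")["client_write"], 1, sent, sent_tag),
    }


if __name__ == "__main__":
    print(demo())
```

Attribution to one party needs a signature made with a key only that party holds, which the SSL record layer does not apply to application data.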