none
SSL Intermediary point problem RRS feed

  • Question

  • Help please!

    SSL providing point-to-point security.

    Intermediary point can be hacked, so in the intermediary point somebody when decrypt message can read, for example my credit card number. How SSL resolved that issue, i supose encryption\decryption is resolved on transport layer, but If first intermediary point can`t read message because low level enc\dec, and doesn`t start new ssl connection, second intermediary can read unsecured message?

    Please help me to understand that issue. Thanx in advance


    • Edited by MarkoOkram Monday, November 21, 2011 10:37 PM
    Monday, November 21, 2011 10:36 PM

Answers

  • Hello, this doesn't seem to be a WCF question. You need to find an SSL forum to post it. You can find some general information about SSL on http://en.wikipedia.org/wiki/Transport_Layer_Security.

    By the way, SSL doesn't resolve the man in the middle attack issue. That's why SOAP introduces message security, where the message itself is encrypted.


    Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.
    If you have feedback about forum business, please contact msdnmg@microsoft.com. But please do not ask technical questions in the email.
    • Marked as answer by Yi-Lun Luo Monday, November 28, 2011 11:36 AM
    Wednesday, November 23, 2011 3:26 AM

All replies

  • You are correct. If the point-to point security client does not match, the intermediary can read and redirect anywhere!~Christine. 
    Christine Sindelar
    Monday, November 21, 2011 11:04 PM
  • Sorry, I dont understand does intermediate can read message on higher level than SSL and read my credit card number, and does intermediate (if doesn`t has SSL)can redirect decrypted message(insecure) so anyone can read it?
    MarkoOkram
    Tuesday, November 22, 2011 1:33 PM
  • Hello, this doesn't seem to be a WCF question. You need to find an SSL forum to post it. You can find some general information about SSL on http://en.wikipedia.org/wiki/Transport_Layer_Security.

    By the way, SSL doesn't resolve the man in the middle attack issue. That's why SOAP introduces message security, where the message itself is encrypted.


    Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.
    If you have feedback about forum business, please contact msdnmg@microsoft.com. But please do not ask technical questions in the email.
    • Marked as answer by Yi-Lun Luo Monday, November 28, 2011 11:36 AM
    Wednesday, November 23, 2011 3:26 AM
  • Thanks, but source of my question was WCF security mode, so I had to get some answers about SSL issues. I apologize if the topic was not suitable
    MarkoOkram
    Friday, November 25, 2011 12:51 AM