My biggest issue with the transition to SSL has been the reduced security it affords to M2M uses of http. I used to be able to throw a firewall in between two railway systems that filters messages by method and URI regex to limit the damage one compromised system can do to the next system down the line. These are already private networks so although the extra layer of protection is welcome, it is not strictly necessary. I'm still pondering the precise solution on this one. At present it seems to be to offload the SSL to the firewall also and to install each system's certificates on their firewalls instead of on their servers, and then do another SSL hop to the servers using a different certificate. This seems more or less reasonable so probably doesn't necessitate a protocol change, but at least for the moment adds cost to the solution that wasn't previously there. Many firewalls are capable of http filtering but not of SSL offload. I guess the central use case here is "I don't want to read your messages. I don't want to store them. I don't want a human to see them, but I want to check to ensure they comply with policy" - a difficult one.
Received on Thursday, 2 May 2013 21:29:06 UTC