«

Hi! Sorry for my English.
I'm using a firewall that uses intrusion detection systems. I can filter
any packet (in or out ) that I want but, if the communication is encrypted
or compressed it is virtually impossible. A simple example:
I can't filter google pages based on content unless I disable http 1.1 because
the outgoing http 1.1 header accepts gzip.
Is it possible that privacy (encrypted communication) and speed (gzipped
content or compressed content) is against security? In the future
I think that many clients will use encrypted communication.
Is this a security risk?

> I think you misunderstand: encryption should include an acceptance by *both*
> ends of the link that the other party is valid (e.g. SSL and certificates)

I have in mind p2p clients that support encryption.I can't filter what I want.

"Marco Maier" <> wrote in message
news:QL3Nc.43211$...
> Hi! Sorry for my English.
> I'm using a firewall that uses intrusion detection systems. I can filter
> any packet (in or out ) that I want but, if the communication is
encrypted
> or compressed it is virtually impossible. A simple example:
> I can't filter google pages based on content unless I disable http 1.1
because
> the outgoing http 1.1 header accepts gzip.
> Is it possible that privacy (encrypted communication) and speed (gzipped
> content or compressed content) is against security? In the future
> I think that many clients will use encrypted communication.
> Is this a security risk?

I think you misunderstand: encryption should include an acceptance by *both*
ends of the link that the other party is valid (e.g. SSL and certificates)

Anything else is, well, pointless.

Don't worry too much about compression - IIRC (and stand to be corrected)
it's been there since at least HTTP 0.9 and is largely unsupported. I looked
at before I wrote NETcruncher..

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!