Navigation

    ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Cloudflare kicking off "Keyless SSL".

    IT Discussion
    security ssh
    9
    12
    2630
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • MattKing
      MattKing last edited by MattKing

      Alright, not to spam the water-cooler today, but this is pretty neat!

      Quote: Tomorrow, we'll publish a full post on the nitty, gritty techical details of how, what has come to be called Keyless SSL™, works. (Update: The post with the technical details is now online.) For now, I'll just tell you about what Sebastien had built. It was a dramatic demo. A simple agent ran on a Raspberry Pi. A web server, running on a remote server on CloudFlare's network, received HTTPS connections. When the Raspberry Pi was plugged in, the connections went through from a browser as they would normally. The lock appeared and the connection was secured, end-to-end. The minute the Raspberry Pi's power was disconnected, HTTPS access terminated.

      https://blog.cloudflare.com/announcing-keyless-ssl-all-the-benefits-of-cloudflare-without-having-to-turn-over-your-private-ssl-keys/

      NOTE: There are still SSL keys involved, it's an interesting take on the "problem" though.

      1 Reply Last reply Reply Quote 0
      • Dashrender
        Dashrender last edited by

        Very interesting.

        1 Reply Last reply Reply Quote 0
        • scottalanmiller
          scottalanmiller last edited by

          That's awesome, yet another reason why I love CloudClare!

          1 Reply Last reply Reply Quote 1
          • T
            Ted last edited by

            Well, this is troublesome.

            To be fair, their entire site is "offline" at the time of this posting.

            1 Reply Last reply Reply Quote 0
            • Reid Cooper
              Reid Cooper last edited by

              Whole site is offline? Maybe they are on AWS, which is having rolling blackouts.

              T 1 Reply Last reply Reply Quote 1
              • T
                Ted @Reid Cooper last edited by

                @Reid-Cooper, perhaps. They seem to be back up and running now, however.

                1 Reply Last reply Reply Quote 0
                • JaredBusch
                  JaredBusch last edited by

                  Just read all of the details. This is an awesome service

                  Out of the SMB price point at $5,000 per month, but the point of it all is awesome.

                  1 Reply Last reply Reply Quote 0
                  • Reid Cooper
                    Reid Cooper last edited by

                    EFF talks about the importance of this move from CloudFlare in NetworkWorld.

                    StrongBad 1 Reply Last reply Reply Quote 2
                    • StrongBad
                      StrongBad @Reid Cooper last edited by

                      @Reid-Cooper Cool

                      1 Reply Last reply Reply Quote 1
                      • Jaguar
                        Jaguar last edited by

                        We'll probably see a new vulnerability in SSL like we did with shellshock as more and more NSA leaks happen, then we'll just end up all moving to new multi-handshake encryptions in the future.

                        Security just always seems to be out of reach these days...

                        1 Reply Last reply Reply Quote 0
                        • ?
                          A Former User last edited by

                          There is never such a thing as true security with anything online. Its just logging and more levels to break through. nothing isn't breakable.

                          scottalanmiller 1 Reply Last reply Reply Quote 0
                          • scottalanmiller
                            scottalanmiller @Guest last edited by

                            @thecreativeone91 said:

                            There is never such a thing as true security with anything online. Its just logging and more levels to break through. nothing isn't breakable.

                            Even offline. There is no security. I'll take online security over offline security any day.

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post