User's computer is "A". ISP / gateway that user's computer uses to
connect to internet is "B" Steganos Anonym server is "C". Endpoint
user wants to connect to is "D".
Using Steganos Anonym you get a guaranteed HTTPS handshake between
points: A,B,C guaranteed.
***
Wrong, you could get a handshake between A and C (AC) in which case B
would become irelevent.
If you wanted B to be relevent, and still communicate from A to C
through B then you would require two handshakes AB then BC and B would
then be working with unencrypted data.
***
Wait we have a disconnect here, literally and figuratively. All data
must pass through B's servers, do you agree? All data. Whether
encrypted or not.
***
Yes, but it is irrelevent to the TLS/SSL that was implemented for the
HTTPS session. To them, packets with encrypted data are the same as
packets with non-encrypted data. If the deal (handshake) was between A
and Z and passes through all of the other letters of the alphabet (I can
list them for you if you need), they may all handle the packets but only
the Z server will be able to decrypt them (and *must* decrypt them)
before being passed to the next layer.
***
What you are saying is that if B needs to take a peek at the data, say
it's a web method that needs input from B, obviously B has to decrypt
it.
***
Yes, in which case you would have to have a AB handshake followed by a
BC handshake if the final destination is C.
***
But how can A and C do a handshake unless A's data passes through
B? A is a customer of B.
***
A requests that C use HTTPS, that request goes through B like any other
packet would. C gives A (through B) the necessary items (C Public key
and random#) to set up the encrypted session, they share secrets
(assymetric key encrypted) and calculate a common symmetric key to use
against the data.
***
A uses a DSL modem to communicate with B's
servers (here, OTENET, the national carrier of Greece), then B
forwards any data from A to the world wide web. Am I missing
something?
***
No, that's about it.
Think of it like this. If you want to conceal (cover) your data
documents from prying eyes you can encrypt your data, if you want to
conceal your communications session from prying eyes use TLS - for
instance TruCrypt covers your data (like your documents) and TLS covers
your session (like telling your anon server your password so you can log
on). After logging on, you may want to send data to the police
department server without allowing the anon server admin to view
plaintext (uncovered) documents - in which case you will want to cover
the documents as well. The anon service will forward your packets to the
police server while modifying the IP address so that you can't be traced
back without the cooperation of the anon server admin. The police server
may or may not support HTTPS which means that your traffic can be
sniffed (the IP is already essentially bogus) but at least your data
(documents) are still covered. You would have had to give the police a
TruCrypt key to decipher the documents.
It's confusing, but this scenario comes about because you might trust
the police with the information (give them a key) while you don't trust
them with your true identity or the way your identity could be deduced
from you *real* IP and account information *and* you don't trust the
anon service's admin with the documents. These things all operate
independently of each other.
***
, all use the same ones.