Technical specs / architectural questions

Hi,

 

Have you got a technical architecture / flow diagram of Freedome that can be shown to the customers?

 

Would be nice to see what happens to the traffic, what kind of decision points there are, where the traffic goes and have a list of actions done to the traffic.

 

Without seeing the diagram, I had few open questions that could I could verify to some extent, but it's quicker to just ask:

 

  • Does freedome intercept SSL/TLS traffic?
  • If not, what about tracking cookies or malicious packages inside encrypted traffic?
  • If yes, does it also intercept e.g. web bank traffic?
  • If yes, what kind of cipher suites are used at client side and which CA:s are trusted for server certs?
  • Does one communicate directly with the each country's VPN concentrator, or does the traffic go inside from one country to another inside some kind of internal network?
  • Who and how is decided, which tracking cookies / sites are blocked?

Thanks in advance!

Best Answer

Comments

  • PaiviPaivi Posts: 80 Former F-Secure Employee

    Hello,

     

    Sorry for the delay with our response. We don't,unfortuantely, have such technical documentation available. I will, however, collect the answers to your good questions and get back to you next week.

     

    Best,

    Päivi, Freedome product manager

  • PaiviPaivi Posts: 80 Former F-Secure Employee

    Regarding the cipher suite question:

     

    Control channel: TLS, 2048 bit RSA auth, typically AES256+SHA1 HMAC but depends on client capabilities
    Data channel: Blowfish with 128-bit key + SHA1 HMAC

     

    For data channel we're about to switch to AES-128 instead of Blowfish.

This discussion has been closed.