According to the following quote, SSL provides point-to-point security:
Transport security is used to provide point-to-point security between the two endpoints (service and client). If there are intermediary systems between the client and the server, each intermediate point must forward the message over a new SSL connection.
a) What is meant by SSL providing point-to-point security?
b) Is SSL communication still possible between client and server, if intermediary system ( located between the client and the server ) forwards the message over a non-SSL connection?
c) Assuming it is possible ... I don't see why intermediary system forwarding messages over a non-SSL connection would provide less security, since messages are already encypted by original sender ( which is either client or server ) and thus can't be decrypted by an intermediary systems?
thank you
EDIT:
One limitation of transport security is that it relies on every “step” and participant in the network path having consistently configured security. In other words, if a message must travel through an intermediary before reaching its destination, there is no way to ensure that transport security has been enabled for the step after the intermediary (unless that interme- diary is fully controlled by the original service provider). If that security is not faithfully reproduced, the data may be compromised downstream. In addition, the intermediary itself must be trusted not to alter the message before continuing transfer. These considerations are especially important for services available via Internet-based routes, and typically less important for systems exposed and consumed within a corporate intranet.
Message security focuses on ensuring the integrity and privacy of individ- ual messages, without regard for the network. Through mechanisms such as encryption and signing via public and private keys, the message will be protected even if sent over an unprotected transport (such as plain HTTP).
