CERT: HTTPS Interception Products Weaken Companies' Security

Status
Not open for further replies.
A lot of companies willing to do this do not use certificate authorities in the first place. The browser already thinks there is a MITM attack 24/7. So why does it matter that we are performing a MITM attack on ourselves if we already do not use signed certificates?
 
We call it content filtering in the EDU universe and that won't be going away anytime soon. The secret to success is to pay, continuously, for a high quality product that does check the SSL connections it forms against known quality lists. Money won't solve everything, but it works here. This content filtering is important to keep us compliant with state laws. With the push to move everything to SSL, it has presented some challenges that perhaps policy and legislation haven't kept up with.
 
Status
Not open for further replies.