CERT: HTTPS Interception Products Weaken Companies' Security

[Lucian Armasu]

The United States Computer Emergency Readiness Team (CERT) advised companies not to use HTTPS inspection products because they might make their security weaker.

CERT: HTTPS Interception Products Weaken Companies' Security : Read more

 

[firefoxx04]

A lot of companies willing to do this do not use certificate authorities in the first place. The browser already thinks there is a MITM attack 24/7. So why does it matter that we are performing a MITM attack on ourselves if we already do not use signed certificates?

 

[BPusch]

We call it content filtering in the EDU universe and that won't be going away anytime soon. The secret to success is to pay, continuously, for a high quality product that does check the SSL connections it forms against known quality lists. Money won't solve everything, but it works here. This content filtering is important to keep us compliant with state laws. With the push to move everything to SSL, it has presented some challenges that perhaps policy and legislation haven't kept up with.