HTTPS content filtering should be easy, assuming they have a database of
sites to filter, and they're not doing it on the fly. For TLS <= 1.2 at
least, you can use https://en.wikipedia.org/wiki/Server_Name_Indication
to get the hostname that the client is attempting to connect to.
Last I read, TLS 1.3 is encrypting/getting rid of SNI, which means
if/when TLS 1.3 comes into play, all bets may be off. I think Procera is
looking into things like machine learning and DNS inspection to try to
deal with this, but it is a constant back and forth.
On 2/8/2018 12:40 PM, Randy Cosby wrote:
Also ask about how they filter HTTPS (i.e.: over 73% of the sites in
America).
https://www.engadget.com/2017/10/21/googles-annual-report-shows-more-web-traffic-is-encrypted/
*From:* Af [mailto:[email protected]] *On Behalf Of *Adam Moffett
*Sent:* Thursday, February 8, 2018 10:33 AM
*To:* [email protected]; [email protected]
*Subject:* Re: [AFMUG] Content filtering - Trustwave
Thanks for the tip! I'll be sure to ask them in the engineering call
next week.
------ Original Message ------
From: "Cassidy B. Larson" <[email protected] <mailto:[email protected]>>
To: [email protected] <mailto:[email protected]>
Sent: 2/8/2018 11:48:11 AM
Subject: Re: [AFMUG] Content filtering - Trustwave
Ask them about IPv6. I’ve been asking for years. No movement, no
plans. They say I can bridge v6 through it and block all v6.. but
that’s not a solution.
On Feb 8, 2018, at 9:30 AM, Adam Moffett <[email protected]
<mailto:[email protected]>> wrote:
Unrelated to Chuck's thread, we started talking internally
about offering content filtering as a value add.
An initial conversation with Trustwave seemed promising, and
I'm supposed to have a follow up to discuss tech details later.
But does anybody still do this? Is there still consumer
interest? How much are/were you selling it for?
--
Simon Westlake | CEO
[email protected]
(702) 447-1247
https://sonar.software
