HTTPS content filtering should be easy, assuming they have a database of
sites to filter, and they're not doing it on the fly. For TLS <= 1.2 at
least, you can use https://en.wikipedia.org/wiki/Server_Name_Indication
to get the hostname that the client is attempting to connect to.
Last I read, TLS 1.3 is encrypting/getting rid of SNI, which means
if/when TLS 1.3 comes into play, all bets may be off. I think Procera is
looking into things like machine learning and DNS inspection to try to
deal with this, but it is a constant back and forth.
On 2/8/2018 12:40 PM, Randy Cosby wrote:
Also ask about how they filter HTTPS (i.e.: over 73% of the sites in
*From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Adam Moffett
*Sent:* Thursday, February 8, 2018 10:33 AM
*To:* firstname.lastname@example.org; email@example.com
*Subject:* Re: [AFMUG] Content filtering - Trustwave
Thanks for the tip! I'll be sure to ask them in the engineering call
------ Original Message ------
From: "Cassidy B. Larson" <c...@infowest.com <mailto:c...@infowest.com>>
To: firstname.lastname@example.org <mailto:email@example.com>
Sent: 2/8/2018 11:48:11 AM
Subject: Re: [AFMUG] Content filtering - Trustwave
Ask them about IPv6. I’ve been asking for years. No movement, no
plans. They say I can bridge v6 through it and block all v6.. but
that’s not a solution.
On Feb 8, 2018, at 9:30 AM, Adam Moffett <dmmoff...@gmail.com
Unrelated to Chuck's thread, we started talking internally
about offering content filtering as a value add.
An initial conversation with Trustwave seemed promising, and
I'm supposed to have a follow up to discuss tech details later.
But does anybody still do this? Is there still consumer
interest? How much are/were you selling it for?
Simon Westlake | CEO