On 27/03/15 06:41, Man Ho (Certizen) wrote:
> Yeah, if this device is designed to issue certificates automatically.
> Why does it have this feature? The answer is obviously for traffic
> monitoring. But then why Paloalto would develop such problematic feature
> which violate security principle? If it is a common feature in Paloalto
> firewall (or even other brands of firewalls), I'd believe that many
> organizations are doing the same thing. Should firewall vendors or
> developers take some responsibilities too?

Such a feature can be used without endangering the global PKI by using a corporation-specific root which is installed on all browsers inside the enterprise. So there is nothing wrong, by itself, with this feature existing in firewalls.

Gerv
_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy

