On 4/11/17 11:41 pm, Jon Gerdes wrote:
> We all need to have a deep think about what https *really* *really* means.
>
> * The aim of SSL/TLS is to ensure confidentiality from one point to another
>
> If I put up a website and I want to guarantee that the connection between my website and the end user is secure then I would not be happy if I found out that someone was breaking that link. Using splice is an attempt to break that link. Have a deep think about what you are trying to do - whatever it is.

What Jon says is absolutely spot on. Remember, we (collectively, as network designers) are building networks that are going to be used by real people; we can't exist in a vacuum.
Think *very* carefully about what you are trying to achieve by breaking into HTTPS connections, why you think that is a good idea, and (most importantly) the risks involved.
Think about how your users are going to feel when they find out you're doing this - if you've not already told them.
Check very carefully whether you are opening yourself up to additional legal liability (depending on jurisdiction) - take proper legal advice if necessary. If you are breaking into your users' online banking sessions, for example, and one of them is compromised because something was inadvertently leaked by your proxy, you might find yourself in a whole world of legal unpleasantness.
Kind regards,
Chris
--
C.M. Bagnall, Director, Minotaur IT Limited
For full contact details please visit www.minotaur.it
This email is made from 100% recycled electrons
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
