On Thu, Aug 26, 2010 at 10:04 AM, Dave Smith <[email protected]> wrote: > Agreed. They cannot filter SSL traffic, right? One advantage (if you can > call it that) of an explicit proxy is that it can do SSL filtering (albeit > in a broken, obnoxious way).
True, but many of the stock appliances (sonicwall, fortinet, etc) filter SSL traffic by IP. Not perfect, but closer. And filtering SSL using a Proxy is akin to MITM attacks. Very dangerous IMHO. /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
