On Fri, Apr 5, 2013 at 12:28 PM, Barry Roberts <[email protected]> wrote:
> It's cake until you have to add that cert to your jvm keystore, and
> configure git to work when ssl certs don't match, and configure your
> package management, and so on, and so on. Working for a large public
> company sucks sometimes (?). Filtering employee web access is considered
> standard now.

Agreed. It does suck. Also, even more worrisome is that this SSL MITM filtering means it's possible and trivial for your company to log, sniff, and eavesdrop on your private HTTPS connections, including your banking info, private web mail sessions, etc. My company has brought up the subject of enabling this feature several times; I have to fight hard every time to prevent it. So far I have been successful. Filtering unencrypted web sessions doesn't bother me, but don't mess with SSL. It breaks trust with users, opens new holes in security, prevents true site verification, and is just plain creepy (IANAL).

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
