BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] Discuss Digest, Vol 88, Issue 10
- Subject: [Discuss] Discuss Digest, Vol 88, Issue 10
- From: worley at alum.mit.edu (Dale R. Worley)
- Date: Thu, 20 Sep 2018 21:57:56 -0400
- In-reply-to: <mailman.9.1537459204.22672.discuss@blu.org> (discuss-request@blu.org)
From: Bill Ricker <bill.n1vux at gmail.com> >> The downside of this latter approach is that the IT org can then sign >> certs for *ANY* other site and therefore intercept all HTTPS traffic >> they wish to see. > > If the IT / SEC group is competent to do the one, they're probably already > doing the other! > > (And possibly consider themselves legally required to, to prevent > exfiltration of sensitive data -- HIPAA, SARBOX, ...) It's a known thing ... you can buy hardware accelerators that terminate HTTPS connections from clients and dynamically generate certs for any host name. Dale
- Prev by Date: [Discuss] Signing update -- license^W key revoked
- Next by Date: [Discuss] [Position-available] Embedded Linux - contract opening
- Previous by thread: [Discuss] Signing update -- license^W key revoked
- Next by thread: [Discuss] [Position-available] Embedded Linux - contract opening
- Index(es):
