[177411] in North American Network Operators' Group
Re: HTTPS redirects to HTTP for monitoring
daemon@ATHENA.MIT.EDU (nanog@jack.fr.eu.org)
Sun Jan 18 10:24:14 2015
X-Original-To: nanog@nanog.org
Date: Sun, 18 Jan 2015 16:24:05 +0100
From: nanog@jack.fr.eu.org
To: nanog@nanog.org
In-Reply-To: <63418E02-F95D-4331-B56C-E64A52FC36E1@fastreturn.net>
Errors-To: nanog-bounces@nanog.org
From my point of view, it is better than violating user privacy & safety.
Sneaky is evil.
On 18/01/2015 15:53, Ammar Zuberi wrote:
> So your idea is to block every HTTPS website?
>
>
>> On 18 Jan 2015, at 6:48 pm, Ca By <cb.list6@gmail.com> wrote:
>>
>>> On Sunday, January 18, 2015, Grant Ridder <shortdudey123@gmail.com> wrote:
>>>
>>> Hi Everyone,
>>>
>>> I wanted to see what opinions and thoughts were out there. What software,
>>> appliances, or services are being used to monitor web traffic for
>>> "inappropriate" content on the SSL side of things? personal use?
>>> enterprise?
>>>
>>> It looks like Websense might do decryption (
>>> http://community.websense.com/forums/t/3146.aspx) while Covenant Eyes does
>>> some sort of session hijack to redirect to non-ssl (at least for Google) (
>>> https://twitter.com/CovenantEyes/status/451382865914105856).
>>>
>>> Thoughts on having a product that decrypts SSL traffic internally vs one
>>> that doesn't allow SSL to start with?
>>>
>>> -Grant
>>
>> IMHO, it would be better to just block the service and say the encrypted
>> traffic is inconsistent with your policy instead of snooping it and
>> exposing sensitive data to your middle box.
>>
>> These boxes that violate end to end encryption are a great place for
>> hackers to steal the bank and identity info of everyone in your company.
>>
>> That sounds like a lot of liability to put on your shoulders.
>>
>> CB