[177451] in North American Network Operators' Group

Re: HTTPS redirects to HTTP for monitoring

daemon@ATHENA.MIT.EDU (William Herrin)
Tue Jan 20 10:07:41 2015

X-Original-To: nanog@nanog.org
X-Really-To: <nanog@nanog.org>
In-Reply-To: <595911751.5837.1421749433480.JavaMail.zimbra@pelican.org>
From: William Herrin <bill@herrin.us>
Date: Tue, 20 Jan 2015 10:07:01 -0500
To: Tim Franklin <tim@pelican.org>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

On Tue, Jan 20, 2015 at 5:23 AM, Tim Franklin <tim@pelican.org> wrote:
> I'd still very much *want* the organization to tell the users
> that the internal IT people are breaking their SSL, so
> please not to have any expectation that security is doing
> what you think it is.

Blame it on the browser devs. They tell users the -wrong- things about
security. Silent about totally unencrypted traffic. Silent about
Sysadmin-installed certs. Noisy with dire warnings about anyone who
wants better than unencrypted without whole-hog signed certs. And God
help you if you train your users to just click "confirm exception."

Regards,
Bill Herrin


-- 
William Herrin ................ herrin@dirtside.com  bill@herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
May I solve your unusual networking challenges?
