This is Duffbeer703's Typepad Profile.
Join Typepad and start following Duffbeer703's activity
Join Now!
Already a member? Sign In
Recent Activity
@Ejc3 At my employer, we issue our own root certificates to authenticate computers. So when we use the proxy to decrypt incoming SSL connections, we re-encrypt the session between the proxy and browser with using an internally trusted certificate. You should assume that any public computer at a hotel, coffee shop, library, etc is doing this. To the end user, this is transparent, unless you inspect the SSL data. For a nefarious network operator (ie. not an IT organization in a company), this is a little harder to do. You either need to compromise a PC and inject a false Root Certificate, or obtain fraudulent certificates from an intermediate CA trusted by your browser already.
This assumes that the network operator is not a bad actor. A problem with HTTPS is that it can give you a false sense of security. In an enterprise IT environment, you usually cannot have any confidence that your HTTPS session is terminated at the website that you are visiting. In a coffeeshop, this is harder, as the snoop needs to have a trusted SSL certificate. But still possible.
Duffbeer703 is now following The Typepad Team
Feb 14, 2012