Re: HTTPS redirects to HTTP for monitoring

[nanog () jack fr eu org]

> From my point of view, it is better than violate user privacy & safety.

Sneaky is evil.

On 18/01/2015 15:53, Ammar Zuberi wrote:
> So your idea is to block every HTTPS website?
>
>
> > On 18 Jan 2015, at 6:48 pm, Ca By <cb.list6 () gmail com> wrote:
> >
> > > On Sunday, January 18, 2015, Grant Ridder <shortdudey123 () gmail com> wrote:
> > >
> > > Hi Everyone,
> > >
> > > I wanted to see what opinions and thoughts were out there.  What software,
> > > appliances, or services are being used to monitor web traffic for
> > > "inappropriate" content on the SSL side of things?  personal use?
> > > enterprise enterprise?
> > >
> > > It looks like Websense might do decryption (
> > > http://community.websense.com/forums/t/3146.aspx) while Covenant Eyes does
> > > some sort of session hijack to redirect to non-ssl (atleast for Google) (
> > > https://twitter.com/CovenantEyes/status/451382865914105856).
> > >
> > > Thoughts on having a product that decrypts SSL traffic internally vs one
> > > that doesn't allow SSL to start with?
> > >
> > > -Grant
> >
> > IMHO, it would be better to just block the service and say the encrypted
> > traffic is inconsistent with your policy instead of snooping it and
> > exposing sensitive data to your middle box.
> >
> > These boxes that violate end to end encryption are a great place for
> > hackers to steal the bank and identity info of everyone in your company.
> >
> > That sounds like a lot liablity to put on your shoulders.
> >
> > CB