nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: HTTPS redirects to HTTP for monitoring

From: William Herrin <bill () herrin us>
Date: Tue, 20 Jan 2015 10:07:01 -0500
On Tue, Jan 20, 2015 at 5:23 AM, Tim Franklin <tim () pelican org> wrote:

I'd still very much *want* the organization to tell the users
that the internal IT people are breaking their SSL, so
please not to have any expectation that security is doing
what you think it is.


Blame it on the browser devs. They tell users the -wrong- things about
security. Silent about totally unencrypted traffic. Silent about
Sysadmin-installed certs. Noisy with dire warnings about anyone who
wants better than unencrypted without whole-hog signed certs. And God
help you if you train your users to just click "confirm exception."

Regards,
Bill Herrin


-- 
William Herrin ................ herrin () dirtside com  bill () herrin us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
May I solve your unusual networking challenges?
Previous By Date Next
Previous By Thread Next

Current thread: