Re: breaking TLS (Was: Re: multiplexing -- don't do it)

On 03.04.2012 11:54, Stephen Farrell wrote:
> On 04/03/2012 12:47 AM, William Chan (陈智昌) wrote:
>
>>> You really mean "prevent" there? POSTing a rot13 version of the
>>> corporate secret won't work? And I thought more anti-porn policies
>>> were domain name and not content based.
>>>
>>
>> I don't mean _completely_ prevent. But help stop the 9X% case? Yeah, I
>> think that's what they're shooting for. I'm not well versed in the
>> intricacies of IT policies using these SSL MITM proxies
>
> Me neither. That's why I asked. But I'd like to know not
> just about the policy they want to (or pay to) enforce,
> but rather also about the effectiveness of their attempts
> at enforcement.
>
> S
>

IME admins are usually not that eager to do MITM on TLS. It is required
by policy makers who just want to publish tick-box policies about the
things they can prevent, HTTPS just being one of many policy evasions to
be worked around. Collateral damage and accuracy are not so important as
having the ability to be vocal about it and tick off that security
checkbox without being caught lying.

AYJ

Received on Tuesday, 3 April 2012 00:19:30 UTC