- From: Willy Tarreau <w@1wt.eu>
- Date: Fri, 6 Apr 2012 21:54:24 +0200
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Cc: Nicolas Mailhot <nicolas.mailhot@laposte.net>, ietf-http-wg@w3.org

On Fri, Apr 06, 2012 at 05:39:43PM +0100, Stephen Farrell wrote:
> Detecting/blocking inbound malware is a real requirement. I was asking
> for evidence that such detection/blocking is happening because of
> MITMing TLS.

We do have customers asking for this. Their reasoning is simple:

- either I can ensure they don't bring malware in;
- or I block the site.

Some sites are generally slightly more trusted than other ones. For instance, https to gmail, yahoo, amazon, paypal or banks is trusted because they're expected to clean their contents. So you end up with the classical 3-level filtering:

- white-list a bunch of trusted sites
- black-list a bunch of other sites
- block all other ones or apply MITM if you can

Contrary to a common belief, large corporations don't care a dime what you're saying via your webmails, simply because there is far too much traffic to have anyone analyze it. What would you expect them to see at 1000 req/s ~ 30-50 million req/day? They care about keeping their employees efficient at work, which means ensuring they don't break their tool with malware, and they don't waste their time on online games and social networks. Of course legal stuff is applied too (block access to hate & porn sites).

Regards,
Willy

Received on Friday, 6 April 2012 19:54:51 UTC