On Tue, Sep 18, 2018 at 10:02 AM Derek Atkins <warl...@mit.edu> wrote:
> Bill Ricker <bill.n1...@gmail.com> writes:
>
> > (b) closed intranet (no BYOD allowed) where one IT org controls both the
> > desktops and the webservers, and you install the Corp private selfsigned CA
> > key into IT release of IE/Edge, FF, Chrome.
>
> The downside of this latter approach is that the IT org can then sign
> certs for *ANY* other site and therefore intercept all HTTPS traffic
> they wish to see.

If the IT / SEC group is competent to do the one, they're probably already doing the other!
(And possibly consider themselves legally required to, to prevent exfiltration of sensitive data -- HIPAA, SARBOX, ...)

--
Bill Ricker
bill.n1...@gmail.com
https://www.linkedin.com/in/n1vux
_______________________________________________
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss