It’s also about DLP and other related topics. There is a deep well here we keep tiptoeing around. Some things are mitigated by enterprise certificates and others are far more tricky.
Doing this with DNS helps with that defense in depth. Removing that layer of defense will increase risks on one side while decreasing them on the other. You also have a hard time telling employees why you have a MITM box and it reduces your talent pool. People here may not worry about it but the insurance carriers for the businesses do.

Sent from my iCar

> On Mar 20, 2019, at 4:08 PM, Matthew Pounsett <m...@conundrum.com> wrote:
>
> I can't afford to probe every IP address on the planet on a regular basis,
> and dynamically modify my blocking based on that. It's far, far less
> expensive to just automatically MitM all web traffic on my network, even
> though that is far more expensive than what I have to do today.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop