Wouldn't it be easier to just decree that HTTPS is illegal and block all 
outbound 443 (only plain-text readable comms are allowed)?  Then you would not 
have the decrypt-encrypt/decrypt-encrypt slowdown from the MITM.

If you don't want to make everyone install a certificate:
Issue a double-wildcard certificate (*.*) that can impersonate any site, load 
it on a BlueCoat system, and sell it to a repressive regime:
https://www.dailydot.com/news/blue-coat-syria-iran-spying-software/

Both scenarios end up in the same place: Nobody trusts encryption/SSL or CAs 
anymore.

On Friday, July 19, 2019 at 1:27:17 PM UTC-7, Jakob Bohm wrote:
> On 19/07/2019 21:13, andrey.at.as...@gmail.com wrote:
> > I am confused. Since when is Mozilla under obligation to provide customized 
> > solutions for corporate MITM? IMHO, corporations, if needed, can hire 
> > someone else to develop their own forks of Chrome/Firefox to do snooping on 
> > HTTPS connections.
> > 
> > In regular browsers, developed by community effort and with public funds, 
> > ALL MiTM certificates should be just permanently banned, no?
> > 
> 
> As others (and I) have mentioned, MitM is also how many ordinary
> antivirus programs protect users from attacks.  The hard part is
> how to distinguish between malicious and user-helping systems.
> 
> Enjoy
> 
> Jakob
> -- 
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
