[GLLUG] Installing SSL certificate at the request of a WiFi provider

Mike Brodbelt mike at coruscant.org.uk
Sun May 8 16:45:03 UTC 2016

> Am I right in concluding that in the following quoted from the above
> link, 'protect' means 'prevent'?

Yes. Reporters without Borders has named Blue Coat as one of their 
"Corporate Enemies of the Internet":-


The devices have some legitimate uses - the one that springs to mind is 
where corporates in regulated industries (i.e. Banks) have a legal 
requirement to monitor, so as to prevent employees leaking information 
useful for insider trading over outbound SSL sessions. In that case 
though, the root CA cert is installed by corporate IT, on end user 
workstations owned by the company.

The technology for SSL interception and monitoring is somewhat double 
edged though - and the abuses of it (to my mind) substantially outweigh 
the legitimate uses. From a personal perspective, I believe that the 
development of SSL and HTTPS should endeavour to make these things 
impossible. Cert pinning, certificate transparency, DNSSEC, DANE, HSTS 
et al are all moves in the right direction. It's become very clear since 
the Snowden events that any holes in security technologies will be 
exploited on a massive scale, regardless of what is theoretically legal.


More information about the GLLUG mailing list