[GLLUG] Installing SSL certificate at the request of a WiFi provider
Mike Brodbelt
mike at coruscant.org.uk
Sun May 8 16:45:03 UTC 2016
> Am I right in concluding that in the following quoted from the above
> link, 'protect' means 'prevent'?

Yes. Reporters without Borders has named Blue Coat as one of their
"Corporate Enemies of the Internet":-
https://surveillance.rsf.org/en/blue-coat-2/

The devices have some legitimate uses - the one that springs to mind is
where corporates in regulated industries (i.e. Banks) have a legal
requirement to monitor, so as to prevent employees leaking information
useful for insider trading over outbound SSL sessions. In that case
though, the root CA cert is installed by corporate IT, on end user
workstations owned by the company.

The technology for SSL interception and monitoring is somewhat
double-edged though - and the abuses of it (to my mind) substantially outweigh
the legitimate uses. From a personal perspective, I believe that the
development of SSL and HTTPS should endeavour to make these things
impossible. Cert pinning, certificate transparency, DNSSEC, DANE, HSTS
et al are all moves in the right direction. It's become very clear since
the Snowden events that any holes in security technologies will be
exploited on a massive scale, regardless of what is theoretically legal.

Mike