Ask Slashdot: Transparent HTTPS proxying - acceptable or abominable?

+ - Ask Slashdot: Transparent HTTPS proxying - acceptable or abominable?-> 0

Submitted by

jez9999

on Wednesday June 13, 2012 @02:03PM

jez9999 writes "I recently worked for a relatively large company that imposed so-called transparent HTTPS proxying on their network. In practice, what this means is that they allow you to use HTTPS through their network, but it must be proxied through their server and their server must be trusted as a root CA. They were using the Cisco IronPort device to do this. The "transparency" seems to come from the fact that they tend to install their root CA into Internet Explorer's certificate store, so IE won't actually warn you that your HTTPS traffic may be being snooped on (nor will any other browser that uses IE's cert store, like Chrome). Is this a reasonable policy? Is it worth leaving a job over? Should it even be legal? It seems to me rather mad to go to huge effort to create a secure channel of communication for important data like online banking, transactions, and passwords, and then to just effectively hand over the keys to your employer. Or am I overreacting?"
Link to Original Source

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Ask Slashdot: Transparent HTTPS proxying - acceptable or abominable?

Load All Comments

Search 0 Comments Log In/Create an Account

Comments Filter:

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Ask Slashdot: Transparent HTTPS proxying - acceptable or abominable? More Login

Ask Slashdot: Transparent HTTPS proxying - acceptable or abominable?