There are non-nefarious uses for this: SPAM and virus filtering of encrypted email and blocking of undesirable encrypted web content.

As for being a mini-NSA, the appliances that I helped develop to do this did not allow unecrypted traffic to leave the box (unless we were deliberately doing ingress SSL-termination), though theoretically someone could hacl the box to do this.

The best way to assure users of such a proxy that their content is not being monitored is to disclose the make, model, and confiuration of the appliance and, short of a hacked appliance, decide for themselves if the plain text content is constrained to be in the appliance.

Oh, we also did SPAM filtering on encrypted email with this capability.

There are non-nefarious reasons for an organization wanting to do this, though it clearly compromises end-to-end security if either end does not trust the organization deploying it.

At a former employer, we produced firewall hardware where this was SPECIFICALLY available as a feature. In fact, I developed the software for it. The certificates provided by the external servers are resigned by a CA cert installed on the appliance which is accepted by client machines behind it. Our equipment allowed the option of generating an internal CA cert, which would then be exported to all clients; generate a Certificate Signing Request, which could be signed by a CA already trusted by clients and imported back to the appliance (if the organization had it's own PKI infrastructure); or allow a resigning certificate and key to be imported.

The justification is simply this: "Our network, our traffic."

The practical reasons for this are to permit the firewall to do virus scanning on encrypted web pages and email (I handled SMTP STARTTLS and SMTP/SSL as well).

At least as far as the work I did went, there was no official way to take the plain text traffic off the appliance - it was not "designed" to snoop on employee traffic, though if someone managed to hack the appliance this would be theoretically possible.

Of course, if you are a contractor or employee concerned about the confidentiality of your traffic, you should exercise due diligence with regard to the CA's your machine trusts.

In our case, we DID have the capability to specify domain names for which this resigning would not be done: those that were "trusted" by the organization installing the firewall. This made it possible to go the extra mile and make some banking site traffic secure end-to-end, but it was on a site by site basis.

As I recall, I left the employ of this company prior to SNI support ever being implemented (we barely supported TLS 1.1, and certainly not TLS 1.2 when I was there, much to my protestations, and SNI is a TLS 1.2 Client Hello extension).

The appliance could also be used in a reverse-fashion: protecting web servers (but not virtual ones, for lack of SNI support, unless they shared a domain name), where it could just do SSL termination, with the site-specific certificate (presumably signed by a CA trusted by most browsers), though we allowed resigning here as well, in the event the internal traffic had to remain encrypted.

It's not supposed to be a currency: prisoners are all supposed to be fed the same thing and are not allowed to swap or trade items.

I don't know where this choice of "popular" comes from: if you don't want to eat something, it gets discarded after being served to you.

No.

A terrorist is someone who acts to frighten the public at large, often with the aim to incite political pressure on the government to stop doing whatever it is they do to which the terrorist objects.

A citizen shooting at their government is not a terrorist, but rather a rebel.

Wrong.

Employees can not use employer insurance subsidies to purchase Obamacare, only insurance through their employer. The exemption in question specifically permits members of congress to do just that: use their employer's (that is us, via our tax dollars), insurance subsidy to purchase Obamacare.

They could have at least tried to obscure this with a commensurate (taxable) pay increase, but as so bold as to not even both with the faintest attempt to hide their corruption.

"Treason against the United States, shall consist only in levying War against them, or in adhering to their Enemies, giving them Aid and Comfort. No Person shall be convicted of Treason unless on the Testimony of two Witnesses to the same overt Act, or on Confession in open Court. The Congress shall have Power to declare the Punishment of Treason, but no Attainder of Treason shall work Corruption of Blood, or Forfeiture except during the Life of the Person attainted."

-- U.S. Constitution, Article III, section 3.

So... bullshit.

There was a (bad) horror movie along this principle: people dying in their sleep from no known cause. Apparently, if people believed that "shadow people" were out to get them, a negative placebo effect would take place, and they'd actually die from the belief alone.

The protagonist trying to expose the phenomenon was convinced, at the last moment, not to, lest an epidemic result.

And in my area that gets you a static IP and you can run whatever server you want. They do prefer that you don't run open relays on port 25, but that's reasonable.

If Obama's arming of al-Qaeda friendly rebels in Syria isn't "adhering to their enemies, giving them aid...", I don't know what is.

Why do you hide beind AC, then?

I'd be fine with prosecuting Bush. On the right, Feinstein supports ripping up the second amendment, and McCain sought to have NDAA include a provision for indefinite detention AFTER acquital by a jury.

I think this administration has done plenty to warrant impeachment (high crimes and misdemeanors), but a charge of treason involves giving comfort and aid to the enemy. Benghazi sticks out on that one, and I am anxious to see more facts and detail emerge.

It isn't so much whether the administration was complicit, but whether they lied, and how much. NSA director Clapper has already put his foot in his mouth on that one in the domestic spying Verizon scandal and is close to being found guilty of perjury. If they have nothing to hide, why are the stories inconsistent and changing?

I may very well be wrong in seeing an ominious pattern where there is none. I'd be happy to be proved wrong. But, I do think it's appropriate to raise the question, to challenge the administration when things don't smell right, and, above all, to NOT fear reprisals, even if they may be believed likely: for my part I noticed (a) a break in to my Facebook account (with nothing really of value or interest there) and (b) access to private hyperlinks referenced there from "interesting" IP addresses. I fully expect that I am on some "list" now.

I don't care. Perhaps I will be "disappeared". IF, and I note IF, that happens, to me, and enough others, then perhaps it would not be for naught, and people might start to wake up.

Paranoia? Perhaps, but I think in a healthy dose. Silence, and fear, on the other hand, always play into the hands of tyrants.

Yes.

I've lived 51 years, most of them O.K., and a few very well.

I'd be quite willing to die on my feet rather than live under tyrany on my knees. Somehow, either beats becoming infirm and dying of old age. On this issue, I thinks heads should roll. The responsible people (all, of them, Republican and Democrat alike), should be found out, tried for treason, and if found guilty, commensurately punished, to send a message to future politicians about who serves whom.

So, without further ado, and to certainly attract the attention at the good folks at the Secret Service:

What to do about a treasonous president

1. 218 (50%+1) of the 435 representative members of congress vote to imeach.
2. 67 (2/3) of the 100 Senators vote to convict.
3. 1 President is removed from office and is now subject to criminal prosecution.
4. 23 members of a grand jury indict him to stand trial for treason (Benghazi certainly qualifies: ordering troops to stand down when Americans are under attack?).
5. 12 members of a jury convict and sentence him for treason.
6. One disgraced, former president.

Rinse, Lather, Repeat with all the other traitors, and send a message to "politicians".

It's an easy process to remember: 218 67 1 23 12, almost like a phone number: (218)671-2312.

I am not afraid, of criticism, of torture, or of death.

She was Canadian. We had a marriage contract, executed in Quebec, CA. Unlike WA, "prenuptual agreements" have no weight there: marriage contracts are notarized, and can cover performance (who does what household duties) as well as assets. It required whoever does not work outside the home to maintain the home, raise the kids, etc. If both worked outside the home, we were to support the household in proportion to our incomes. Standard fare.

Well, she didn't. I remained faithful, but withheld certain "perqs" of marriage.

When she cheated, I figured I had the moral right to divorce her lazy ass. What I didn't realize was that, under WA law, her cheating gave her the right to have me thrown out of my own home, lest I be arrested, on the grounds that she was fearful that I might find out and get violent. So that I might support our kids, I left freely. Of course, that was construed as my abandoning our kids, so I had no chance at custody in the divorce. I regained it after she was found neglectful of them.

That marriage contract? Because it wasn't a prenup, it held no legal weight, precisely the reason we got a marriage contract instead of a prenup in the first place!

After the divorce, she was held in contempt for not selling the house she could not pay the mortgage on (for which I remained responsible, but with her having to make the payments, and I having a power of sale that I ended up exercising). When she lost custody, she alleged I never paid child suport for our son (I threw in an extra $100 a month for an allowance). The state hassled me for the money EVEN AFTER I provided canceled checks with her endorsement on them! I had to hire a lawyer to get them off my back.

But, the problem here isn't what she did as much as the laws that let her get away with it. And, for my part, I was stupid for having married her in the first place.

Then again, in the end, the kids were placed with me, with sole legal custody as well.