On Mon, May 28, 2018 at 10:50 AM, Andrey Khomyakov <khomyakov.and...@gmail.com> wrote: > My understanding is that some enterprises do decrypt traffic in flight with > proxies such as bluecoat, though I'm not sure on the particulars of how > that works.
PCs within the enterprise contain an enterprise-local root in their certificate store. The proxy re-encrypts using a key whose ephemeral cert chains up to the enterprise root. Regards, Bill Herrin -- William Herrin ................ her...@dirtside.com b...@herrin.us Dirtside Systems ......... Web: <http://www.dirtside.com/>
