Peering Track for NANOG 63

2015-01-18 Thread Patrick W. Gilmore
Everyone: I have been asked to moderate the Peering Track for NANOG 63. Time is short, and I need to fill a couple hours. If you have interesting ideas on how to do it, or better yet, would like to present something yourself, please ping me off-list. See you in San Antonio! -- TTFN, patrick

Re: HTTPS redirects to HTTP for monitoring

2015-01-18 Thread Matt Palmer
On Sun, Jan 18, 2015 at 08:05:18PM +, Kelly Setzer wrote:
> I don't know if you're referring to HSTS.

No, HSTS is separate to certificate pinning. Certificate pinning would, in fact, cause Chrome to freak out in the presence of an HTTPS-intercepting proxy, but that's what it's supposed to do.

Re: HTTPS redirects to HTTP for monitoring

2015-01-18 Thread Geoffrey Keating
chris writes: > I have been going through something very interesting recently that relates > to this. We have a customer who google is flagging for "abusive" search > behavior. Because google now forces all search traffic to be SSL, it has > made attempting to track down the supposed "bad traffic

Re: HTTPS redirects to HTTP for monitoring

2015-01-18 Thread Kelly Setzer
I don't know if you're referring to HSTS. If not, it's worth noting in this thread. As I understand HSTS, session decryption is still possible on sites that send the 'Strict-Transport-Security' header. See: https://tools.ietf.org/html/rfc6797 I suspect it's only a matter of time before browsers

Re: HTTPS redirects to HTTP for monitoring

2015-01-18 Thread John R. Levine
I expect your users would fire you when they found you'd blocked access to Google. And they would sue you for gross negligence for decrypting their ssn when access company payroll and cpni data May I suggest that playing Junior Lawyer on nanog rarely turns out well. These filter boxes are ty

RE: HTTPS redirects to HTTP for monitoring

2015-01-18 Thread Teleric Team
Honestly, don't do this. Neither option. You can still have some control over SSL access with ordinary domain based filtering getting proxied, via CONNECT method or sorta. You don't need filtering capabilities over full POST/DELETE/UPDATE HTTP methods, and if you believe you need it, you just hav

Re: HTTPS redirects to HTTP for monitoring

2015-01-18 Thread William Waites
On 18 Jan 2015 18:15:09 -, "John Levine" said:
> I expect your users would fire you when they found you'd blocked
> access to Google.

Doesn't goog do certificate pinning anyways, at least in their web browser?

Re: HTTPS redirects to HTTP for monitoring

2015-01-18 Thread Ca By
On Sunday, January 18, 2015, John Levine wrote: > >> So your idea is to block every HTTPS website? > >From my point of view, it is better than violate user privacy & safety. > > > >Sneaky is evil. > > I expect your users would fire you when they found you'd blocked access to > Google. > > And the

Re: HTTPS redirects to HTTP for monitoring

2015-01-18 Thread John Levine
>> So your idea is to block every HTTPS website? >From my point of view, it is better than violate user privacy & safety. > >Sneaky is evil. I expect your users would fire you when they found you'd blocked access to Google. >>> These boxes that violate end to end encryption are a great place for

Re: HTTPS redirects to HTTP for monitoring

2015-01-18 Thread Ca By
On Sunday, January 18, 2015, Ammar Zuberi wrote: > So your idea is to block every HTTPS website? > > My idea is to provide secure internet and tell the truth about it. Proxying And mitm SSL/TLS is telling a lie to the end user and exposing them and the proxying organization to a great deal of l

Re: HTTPS redirects to HTTP for monitoring

2015-01-18 Thread William Herrin
On Sun, Jan 18, 2015 at 7:29 AM, Grant Ridder wrote: > I wanted to see what opinions and thoughts were out there. What software, > appliances, or services are being used to monitor web traffic for > "inappropriate" content on the SSL side of things? personal use? > enterprise enterprise? Hi Gra

Re: HTTPS redirects to HTTP for monitoring

2015-01-18 Thread chris
Hello, I have been going through something very interesting recently that relates to this. We have a customer who google is flagging for "abusive" search behavior. Because google now forces all search traffic to be SSL, it has made attempting to track down the supposed "bad traffic" extremely dif

Re: HTTPS redirects to HTTP for monitoring

2015-01-18 Thread nanog
From my point of view, it is better than violate user privacy & safety. Sneaky is evil. On 18/01/2015 15:53, Ammar Zuberi wrote: > So your idea is to block every HTTPS website? > > >> On 18 Jan 2015, at 6:48 pm, Ca By wrote: >> >>> On Sunday, January 18, 2015, Grant Ridder wrote: >>> >>> Hi

Re: HTTPS redirects to HTTP for monitoring

2015-01-18 Thread Ammar Zuberi
So your idea is to block every HTTPS website? > On 18 Jan 2015, at 6:48 pm, Ca By wrote: > >> On Sunday, January 18, 2015, Grant Ridder wrote: >> >> Hi Everyone, >> >> I wanted to see what opinions and thoughts were out there. What software, >> appliances, or services are being used to moni

Re: HTTPS redirects to HTTP for monitoring

2015-01-18 Thread Ca By
On Sunday, January 18, 2015, Grant Ridder wrote: > Hi Everyone, > > I wanted to see what opinions and thoughts were out there. What software, > appliances, or services are being used to monitor web traffic for > "inappropriate" content on the SSL side of things? personal use? > enterprise enter

Re: HTTPS redirects to HTTP for monitoring

2015-01-18 Thread Andy Brezinsky
We use Fortinet firewalls and SSL (HTTPS, FTPS, IMAPS, POP3S, SMTPS, SSH) inspection is a standard feature. It works by rolling out a custom CA certificate from the device to all of the desktops and whenever you hit a SSL site, a cert signed with the CA is generated and presented to the user.

Re: HTTPS redirects to HTTP for monitoring

2015-01-18 Thread kendrick eastes
On Sun, Jan 18, 2015 at 5:29 AM, Grant Ridder wrote: > Hi Everyone, > > I wanted to see what opinions and thoughts were out there. What software, > appliances, or services are being used to monitor web traffic for > "inappropriate" content on the SSL side of things? personal use? > enterprise e

HTTPS redirects to HTTP for monitoring

2015-01-18 Thread Grant Ridder
Hi Everyone, I wanted to see what opinions and thoughts were out there. What software, appliances, or services are being used to monitor web traffic for "inappropriate" content on the SSL side of things? personal use? enterprise enterprise? It looks like Websense might do decryption ( http://co