On 17 Jul 2017, at 18:40, Simon Friedberger wrote:
I'm not sure the same considerations should apply to both those situations.
Actually, they do, when you're on your network prior to the egress point - apologies for being unclear about that.
Many enterprises force all outbound user-generated traffic through proxies, which then inspect TLS-wrapped traffic, blocking bad traffic (like data exfiltration) while then opening up proxy connections for legitimate traffic, FYI.
Conversely, they do the same with inbound traffic in response to said user-generated traffic, and block things like malware downloads.
----------------------------------- Roland Dobbins <rdobb...@arbor.net> _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
