On Oct 24, 2017, at 3:54 PM, David A. Cooper <david.coo...@nist.gov> wrote:
> There are already middleboxes on the market today that do this. They work for 
> all outgoing connections and don't require any cooperation whatsoever from 
> the outside servers that the clients are trying to connect to, and only 
> expert users would notice the presence of the MiTM.

They are also quite expensive because they have to generate certs on the fly.
If you look at environments where these are in use, they tend to be either 
high-margin, or else low-use. So e.g. you only redirect TLS connections that 
you absolutely need to intercept through the box; other connections are 
terminated normally. Practically speaking, I don't see any cash-strapped 
school spending money on one of these devices.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
