Re: [squid-users] SSLBump, help to configure for 3.1.0.16

From: Matus UHLAR - fantomas <uhlar_at_fantomas.sk>
Date: Thu, 18 Feb 2010 09:19:49 +0100

> On Tue, Feb 16, 2010 at 7:17 AM, Matus UHLAR - fantomas
> <uhlar_at_fantomas.sk> wrote:
> > Are you aware of all security concerns when intercepting HTTPS connections?
> >
> > ...I just wonder when the first proactive admin (or someone from his managers) will be sent
> > to prison because of breaking into users' connections.

On 16.02.10 09:40, K K wrote:
> Laws vary by country. At least in the US, SSL-Intercepting admins are
> much more likely to face civil liability than any sort of criminal
> charge. So no prison, just bankruptcy.

It highly depends on what the admin will do with the data - if and what data
will leak out.

> With the requirement to load a public key on the machine being
> intercepted, generally this is only deployed in situations where the
> owner of the proxy also already "owns" the user machine.

I would still like to warn all admins of the security breach of using sslbump
and the legal or ethical risks of doing that.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
I wonder how much deeper the ocean would be without sponges. 
Received on Thu Feb 18 2010 - 08:19:56 MST