• @bokherif
    413 days ago

    Right, like a router can unencrypt and read what’s on the link. This is just IP blocks which will never work lol.

    • Semperverus
      263 days ago

      “Hey there customer, if you want internet access on our network (the only one available in your area), you have to install our intermediary certificate on your machine!”

      • exu
        32 days ago

        From having worked in an enterprise environment, there’s a chunk of websites that break when you intercept their SSL connection.

        • Semperverus
          21 day ago

          Oh yeah, definitely, I know this pain very well.

          • exu
            21 day ago

            Not really, because the client system is configured to go through the proxy. That proxy will connect to the website and do filtering on the unencrypted content because it is initiating the connection. Next it’ll re-encrypt everything with its own certificate and serve it to the client.

            • @[email protected]
              21 day ago

              Oh, you’re talking about enterprise-scale MITM attacks on your own coworkers, not the general case.

              • exu
                17 hours ago

                Yes, but that’s what you would need to do and get if everyone had to install an intermediate cert.

        • Semperverus
          123 days ago

          “Oh sorry, looks like we couldn’t decrypt that traffic, those packets went to the burn pile”

          • @asdfasdfasdf
            12 days ago

            How do they know what qualifies as “encrypted” vs a binary blob that could be a photo or something?

            • Semperverus
              11 day ago

              File headers, magic bits, all sorts of stuff. Plus you can (and they do) try to load common file types, so if a PNG isn’t loading correctly, it fails the test.
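
The two checks named in the last reply (match a file header, then actually try to parse the file), as an added Python example that is not from any commenter. The magic-byte table, the 7.5 bits/byte entropy threshold and the sample PNG are assumptions constructed for illustration.

```python
import math, struct, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAGIC = {PNG_SIG: "png", b"\xff\xd8\xff": "jpeg", b"PK\x03\x04": "zip", b"%PDF-": "pdf"}

def shannon_entropy(data):
    """Bits per byte; 8.0 is the maximum (uniformly distributed bytes)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def png_is_well_formed(data):
    """Walk the PNG chunks: length, type, payload, CRC-32 over type+payload."""
    if not data.startswith(PNG_SIG):
        return False
    pos, seen_end = len(PNG_SIG), False
    while pos + 12 <= len(data) and not seen_end:
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(data):          # declared length runs past the blob
            return False
        (crc,) = struct.unpack(">I", data[end:end + 4])
        if zlib.crc32(data[pos + 4:end]) != crc:
            return False
        seen_end = ctype == b"IEND"
        pos = end + 4
    return seen_end                      # a truncated file never reaches IEND

def classify(data, threshold=7.5):
    """Header match first, structural parse for PNG, entropy as the fallback."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            if name == "png" and not png_is_well_formed(data):
                return "png-header-but-malformed"
            return name
    return "high-entropy-unknown" if shannon_entropy(data) > threshold else "unknown"

def make_png():
    """Constructed sample input: a minimal 1x1 grayscale PNG."""
    def chunk(t, payload):
        return struct.pack(">I", len(payload)) + t + payload + struct.pack(">I", zlib.crc32(t + payload))
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b"")
```

Entropy alone cannot separate ciphertext from well-compressed data, since both sit near 8 bits per byte, which is why the structural parse carries the weight here.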