• Semperverus
    link
    English
    263 days ago

    “Hey there customer, if you want internet access on our network (the only one available in your area), you have to install our intermediary certificate on your machine!”

    • exu
      link
      fedilink
      English
      32 days ago

      From having worked in an enterprise environment, there’s a chunk of websites that break when you intercept their SSL connection.

      • Semperverus
        link
        English
        21 day ago

        Oh yea definitely, I know this pain very well

        • exu
          link
          fedilink
          English
          21 day ago

          Not really, because the client system is configured to go through the proxy. That proxy will connect to the website and do filtering on the unencrypted content because it is initiating the connection. Next it’ll re-encrypt everything with its own certificate and serve it to the client.

          • @[email protected]
            link
            fedilink
            English
            21 day ago

            Oh you’re talking about enterprise scale mitm attacks on your own coworkers not the general case.

            • exu
              link
              fedilink
              English
              18 hours ago

              Yes, but that’s what you would need to do and get if everyone had to install an intermediate cert.

      • Semperverus
        link
        English
        123 days ago

        “Oh sorry, looks like we couldn’t decrypt that traffic, those packets went to the burn pile”

        • @asdfasdfasdf
          link
          English
          12 days ago

          How do they know what qualifies as “encrypted” vs a binary blob that could be a photo or something?

          • Semperverus
            link
            English
            11 day ago

            File headers, magic bits, all sorts of stuff. Plus you can (and they do) try to load common file types, so if a PNG isn’t loading correctly, it fails the test.