On Tue, Jan 20, 2015 at 5:23 AM, Tim Franklin <tim@pelican.org> wrote:
I'd still very much *want* the organization to tell the users that the internal IT people are breaking their SSL, so please not to have any expectation that security is doing what you think it is.
Blame it on the browser devs. They tell users the -wrong- things about security. Silent about totally unencrypted traffic. Silent about Sysadmin-installed certs. Noisy with dire warnings about anyone who wants better than unencrypted without whole-hog signed certs. And God help you if you train your users to just click "confirm exception." Regards, Bill Herrin -- William Herrin ................ herrin@dirtside.com bill@herrin.us Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/> May I solve your unusual networking challenges?