
...and it doesn't even matter if the employee-owned devices don't have the employer CA certificate installed; their traffic still gets MITMed and DLPed just fine. It's just that they don't get an (incorrect) indication that their session hasn't been MITMed, which if it is a problem at all, is a problem for the employee.


There are lots of applications that use HTTPS under the covers that will break if certificate validation fails, so not having the root cert installed does "break" those devices.

(There are unfortunately even more apps that use HTTPS under the covers that appear not to care whether certs validate.)


Sure, but that falls right into the category of "a problem for the employee". The traffic still gets MITMed, so the employer shouldn't care.



