[GTALUG] Decrypting and Re-encrypting Network Traffic
James Knott
james.knott at jknott.net
Tue Sep 10 17:28:14 EDT 2019
On 2019-09-10 05:09 PM, Giles Orr via talk wrote:
> Decrypting and re-encrypting network traffic is becoming more and more
> popular. I think it's an appalling violation of both trust and
> privacy, but corporations seem to feel justified to "protect their
> network" (it's not necessary to explain the logic to me, I get it ...
> I'm just more about individual rights). Or maybe they're just doing
> it to mine your data, depending on the context.
>
> There seem to be two circumstances (this is just about web traffic):
> - a private computer on a shared network, ex. you take your personal
> computer to a coffeeshop
> - a company computer on a company network, ex. you sit down at your
> work computer
>
> I think I understand the latter: with a company computer on a company
> network, all that's necessary is to push a trusted certificate and all
> future communications will be done with that newly trusted cert and,
> well, you're hosed. Everything you send is examined and re-encrypted
> with the receiving site's certificate at the company firewall. Can
> this be detected? Can this be prevented?
>
> It seems that some shared networks (i.e. the coffeeshop in the above
> examples) manage to do this to people: is this only possible if they
> convince you to install something, and presumably that install package
> includes a certificate? Or is there another way?
>
I'm not sure where you're going with this. For example the coffee shop,
it's long been recommended people use a VPN to prevent eavesdropping and
hacking. Is this what you're referring to? Why is that a problem?
I've never heard of a coffee shop forcing you to install something. I
have, however, come across some restaurants, where you have to register
and then get hit with ads etc. I won't use those ones. As for company
equipment on a company network, well that's entirely the company's business.
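
On the quoted question of whether interception through a pushed certificate can be detected: one check is to compare the certificate a network presents with a fingerprint and issuer recorded out-of-band. This is an added example, not part of the thread; the function names, CA names and sample bytes are assumptions constructed for illustration.

```python
import hashlib
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded leaf certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def issuer_org(peercert: dict) -> str:
    """Pull organizationName out of the issuer field of ssl getpeercert()."""
    for rdn in peercert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""


def observe(host: str, port: int = 443, timeout: float = 5.0):
    """Return (leaf DER, parsed cert) as presented on the current network."""
    ctx = ssl.create_default_context()  # validates against Python's default trust store
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True), tls.getpeercert()


def assess(der: bytes, peercert: dict, pinned_fp: str, expected_org: str) -> str:
    """Compare what this network presented with the out-of-band record."""
    if fingerprint(der) == pinned_fp:
        return "match"
    if issuer_org(peercert) == expected_org:
        # Same CA, different leaf: routine renewal or another CDN node.
        return "rotated"
    # Validated locally, yet issued by a CA the real site does not use.
    return "intercepted"


# Constructed sample data: stand-in bytes, not real certificates.
REAL_DER = b"constructed-leaf-from-site"
PROXY_DER = b"constructed-leaf-from-proxy"
REAL_CERT = {"issuer": ((("organizationName", "Example Public CA"),),)}
PROXY_CERT = {"issuer": ((("organizationName", "Example Corp Firewall CA"),),)}
PINNED = fingerprint(REAL_DER)  # in practice, recorded from a network you trust
```

If no certificate has been pushed to the machine, `observe()` raises `ssl.SSLCertVerificationError` instead, because the substituted certificate does not chain to a trusted root.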