Reco:
One can also do it if one is the person's employer and owns the machine that the employee is running, no DNS resource record modifications required, merely the employer as an additional root authority pushed out via group policy or suchlike and either custom proxy auto-configuration or transparent proxying at the borders. This has been a known practice for many years, and there have been for that time a wide range of products sold to employers for specifically doing this.

* https://technet.microsoft.com/en-gb/library/ee658156.aspx
* http://cookbook.fortinet.com/why-you-should-use-ssl-inspection/
* https://securebox.comodo.com/ssl-sniffing/ssl-inspection/
* https://www.zscaler.com/products/ssl-inspection
* https://www.globalsign.com/en/blog/what-is-ssl-inspection/

... and so on.