On Sun, Apr 16, 2023 at 09:20:22PM -0400, Jeffrey Walton wrote: [...] > > Corporations don't need browser cooperation for Data Loss Prevention > > (DLP) (but they already have it). Corporations just run an > > interception proxy, like NetSkope. The NetScope Root CA is loaded into > > every browser trust store. The application will terminate all traffic, > > inspect it, and forward the request if it looks innocuous. > > To be clear... The NetSkope Root CA is loaded into browsers for > computers owned by the corporation. I.e., part of the corporation's > standard image. Heh. You made me search for it in my browser's root CA store ;-) Anyway, your points are all valid. I do recommend to have a look at the browser's default root CA store before saying "you're safe with TLS". This is just marketing. TLS is but one tool. Don't get me wrong: I think widespread use of TLS is a Good Thing. But going about it as if it was Redemption is paternalistic to the point of being counterproductive. Security is a process, not a product, as Schneier says. Cheers -- t
Attachment:
signature.asc
Description: PGP signature