Hacker News new | ask | show | jobs
by unluckier 3845 days ago
Even done in the best way possible, SSL inspection puts end users at increased risk. In the real world, vendors make mistakes, which put them at even higher risk. https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-i...
1 comments
userbinator 3845 days ago
In comparison, what is the risk of NOT performing SSL inspection and letting all encrypted data through?

Microsoft Internet Explorer, don't even allow viewing a certificate until after you have accepted it

Incorrect; there is a "view certificate" button on the warning dialog:

https://docs.oracle.com/html/B12013_03/img/sec_ie_install_ce...

link
unluckier 3845 days ago
What version of IE is that dialog from? 6? Things have changed quite a bit since then.

Yes, SSL inspection is a security tradeoff. Whether the folks rolling it out realize this is another story.

link
userbinator 3845 days ago
I don't know about that specific picture (just searched for "IE view certificate" and looked for one that I recognised) but it was there in 5 and 6; I haven't used the newer versions of IE enough to encounter any certificate errors, but a quick search shows that MS did break this functionality:

https://social.technet.microsoft.com/Forums/ie/en-US/e0ec441...

http://www.dslreports.com/forum/r24594731-IE-How-do-I-view-c...

link