[hannob]

I guess that will give them an incentive to fix those devices quickly.

[josephcsible]

Ha, good one. For the average company that breaks SSL, I expect something like this instead: "new corporate policy update: for security reasons, you're no longer allowed to visit HTTPS Web sites that use Let's Encrypt. If the Web site you want to visit still allows HTTP, that continues to be acceptable."

[hannob]

Ain't gonna happen. Let's Encrypt is too big to be ignored.

You can't practically use the web like that.

[ethbr0]

> You can't practically use the web like that.

is looking at a corporate firewall blocking Stack Overflow right now

... "practical" is setting your expectations a bit high.

[josephcsible]

We know this, but I don't think everyone does. I'm sure that at least some places will learn this the hard way.

[hannob]

Maybe we just had a misunderstanding. What I was trying to say: Once this happens and everything breaks they will have an incentive to fix things quickly.

By no means do I expect vendors of "SSL inspection" devices to act any sooner than that.

[0xbadcafebee]

They will just add an additional TLS proxy with a self-signed cert that ignores all validation. Security will be broken but users will be able to continue to do their work.