[profmonocle]

> SSL Everywhere will force institutions to either block any internet connectivity or impose Man-in-The-Middle proxies

MITM proxies are already how many organizations handle web filtering. (aka "transparent proxies") TLS just necessitates that the organization have some control over the device being MITM'd to do so. (to install their cert)

[phkamp]

... And now they also need to circumvent Googles cert-pinning and other attempts to twart even legally mandated MiTM proxies...

Either all MiTM needs to be outlawed (with actual laws) or protocols need to recognize that laws mandate MiTM some places, and accommodate that with minimal loss of security and privacy.

The current weapons race just makes things more and more broken.

[rdl]

Local CAs are allowed to override even cert-pinning for this reason.

[phkamp]

Right, so when you're guest at a company you have to install their CERT on your device to use their guest-wlan ?

If you're an employee you have to put the company CERT on your smartphone ?

How does that improve your security ?

[snowwrestler]

Guests shouldn't be on the corporate network anyway. Either companies will provide a guest WiFi signal that is physically separate from the corporate network (that's what my employer does), or they will ask guests to provide their own connectivity via LTE.