10 reasons not to do HTTPS interception

Kristian Köhntopp -
March 22, 2017

Marnix Dekker has an article on HTTPS interception as it is being done in some workplaces. He lists:

  • Are you serious? We worked so hard to make the web more secure and you are fucking it up.
  • HSTS, you are breaking it.
  • Blinds the browser and the user, because you re-encrypt with wildcard certs.
  • Disrupts personal use.
  • Breaks pinning and CT.
  • Breaks with consumerization.
  • Disrupts BYOD.
  • Discourages good user practices.
  • Limited benefits.
  • and finally: Hard shell, soft inside is not going to work.