←back to thread

Stop Breaking TLS

(www.markround.com)
170 points todsacerdoti | 3 comments | 10 Dec 25 07:06 UTC | HN request time: 0.001s | source
Show context
samuel ◴[10 Dec 25 09:31 UTC] No.46215799[source]
I agree with the sentiment, but I think it's a pretty naive view of the issue. Companies will want all info they can in case some of their workers does something illegal-inappropiate to deflect the blame. That's a much more palpable risk than "local CA certificates being compromised or something like that.

And some of the arguments are just very easily dismissed. You don't want your employer to see you medical records? Why were you browsing them during work hours and using your employers' device in the first place?

replies(3): >>46215855 #>>46216169 #>>46216703 #
1. NicolaiS ◴[10 Dec 25 11:50 UTC] No.46216703[source]
TLS inspection can _never_ be implemented in a good way, you will always have cases where it breaks something and most commonly you will see very bad implementations that break most tools (e.g. it is very hard to trust a new CA because each of OS/browser/java/python/... will have their own CA store)

This means devs/users will skip TLS verification ("just make it work") making for a dangerous precedent. Companies want to protect their data? Well, just protect it! Least privilege, data minimization, etc is all good strategies for avoiding data leaking

replies(1): >>46226756 #
2. tptacek ◴[11 Dec 25 02:02 UTC] No.46226756[source]
Sure it can; it just requires endpoint cooperation, which is a realistic expectation for most corporate IT shops.
replies(1): >>46232930 #
3. acdha ◴[11 Dec 25 15:54 UTC] No.46232930[source]
You also need some decent support + auditing. There are a couple of places to configure (e.g. setting CURL_CA_BUNDLE globally covers multiple OSS libraries) but there will be cases where someone hits one of the edge clients and tries to ignore the error, which ideally would lead to a scanner-triggered DevOps intervention. I think a fair amount of the rancor on this issue is really highlighting deeper social problems in large organizations, where a CIO should be seeing that resentment/hostility toward the security group is a bigger risk than the surface problem.