Note that there are perfectly legitimate reasons for using a MITM proxy like BlueCoat, especially in a corporate-network setting. But there one usually generates a private CA, and sets that to trusted on the corp. PCs only. And one makes all the employees aware that their communications via corp. devices will (or may) be monitored. The difference is that now any old asshole can do the same meddling (and probably won't even need BlueCoat's software, as the CA private key will be recoverable. I know I could do that 10 years ago, and such SW vendors usually never learn).
The whole CA concept remains fundamentally b0rken.
(Not that I'd recommend Bluecoat for a corporate AV/URL-filter, as I had the distinct displeasure of dealing with the POS that is their software.)
(no subject)
Date: 2016-05-30 03:48 pm (UTC)