Hacker News new | comments | show | ask | jobs | submit login
Google and Mozilla's message to AV and security firms: Stop trashing HTTPS (zdnet.com)
24 points by jgrahamc 53 minutes ago | hide | past | web | 2 comments | favorite





Obviously HTTPS needs to be implemented correctly.

But this is more a problem with the knee jerk HTTPS everywhere movement and a quick and dirty response than anything else. The browser and OS vendors don't provide high quality APIs for this purpose, so customers are stuck picking security products without an easy way to identify quality gaps.

Even in unregulated industries, most commercial enterprises should be doing TLS inspection -- i would argue that's it is irresponsible not to. How can you claim to protect customer data or respect customer privacy without looking at the data flowing out the front door?

reply


Sadly for companies in some industries (i.e defense or healthcare) there are regulatory compliance issues that force them into running something that can intercept TLS connections. These companies are many times in a position of either weakening security or failing an audit. Until the regulations catch up they will be stuck between a rock and a hard place.

reply




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: