Trustwave admits issuing man-in-the-middle digital certificate (ComputerWorld)
Trustwave admits issuing man-in-the-middle digital certificate (ComputerWorld)
Posted Feb 9, 2012 20:21 UTC (Thu) by dlang (guest, #313)In reply to: Trustwave admits issuing man-in-the-middle digital certificate (ComputerWorld) by gmaxwell
Parent article: Trustwave admits issuing man-in-the-middle digital certificate (ComputerWorld)
you are assuming that the interception was secret from the employees. It's very common for companies large enough to deploy this sort of thing to notify the employees that their use of the company network will be monitored. If an individual then assumes that they are bypassing this policy, that's the individual's mistake.
the advantage of having a CA like this over a private one is that for the private one you have to update the valid CA list on every piece of software that is used in the company. Especially if you use mobile devices, this is a lot of work. I can see why this would have been an attractive option, while at the same time I think it's the wrong thing to do.