Reply to post: Preventing good security practice

TLS proxies? Nah. Truthfully Less Secure 'n' poxy, say Canadian infosec researchers

Anonymous Coward
Anonymous Coward

Preventing good security practice

My biggest grievance with SSL / TLS proxies is they prevent good security practice on the client. Fundamentally, the end user is the person in the best position to make an assessment of how secure a particular session needs to be. Whilst I might be completely OK with accepting a domain validated (even self signed) certificate when reading theregister, I would certainly not be doing my internet banking under such a connection. The fact that browsers by and large hide this information away behind a blanket lock logo and most users will never look any deeper, doesn’t mean it’s OK to remove this information entirely. Lastly, unless I am wildly underestimating their capability, this proxying (man-in-the-middling) completely breaks certificate pinning on the client, something that generally seems a good thing to encourage.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022