Let’s encrypt – but let’s also decrypt and inspect SSL traffic for threats

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Ever since Edward Snowden’s revelations in 2013 SSL encryption has become all the rage with application owners, and that, in turn, has lead to the rise of attacks hiding in SSL traffic. What’s more, movements like Let’s Encrypt, the free, automated and open certificate authority (CA) provided by the Internet Security Research Group (ISRG), have inadvertently created a new set of vulnerabilities. Attackers are able to exploit Let’s Encrypt to generate their own seemingly legitimate SSL certificates to sign malicious code or to host malicious HTTPS sites.

To read this article in full or to leave a comment, please click here

Read more: Let’s encrypt – but let’s also decrypt and inspect SSL traffic for threats

Story added 10. February 2016, content source with full text you can find at link above.