On Mon, May 09, 2016 at 09:23:20PM +0000, William Waites wrote:
Blake Hadley moosehadley@gmail.com writes:
The environment requires an HTTPS proxy to reach the World Web Web.
Do HTTP proxies inherently create a situation similar to MITM?
Yes, that is exactly what they do. If your web browser isn't nagging you all the time with "hey this certificate is untrusted" then a signing certificate will have had to be installed in your computer. This lets your employer decrypt all of your HTTPS traffic, inspect it, and reencrypt it. Unless you understand exactly what is happening and what to do about it, best to avoid using the Internet from there altogether.
Well, an "HTTPS proxy" doesn't have to be a TLS interception device. When I think "HTTPS proxy", I think of an ordinary HTTP proxy using the CONNECT method to support TLS. In that case, the proxy does not get to see plaintext, which includes the path part of the URL. The proxy can tell what domain name you are connecting to, but not what document you are requesting.
In either case, there's no benefit to obfuscating the download names.