“Digital” tunnel is common in the cyber world.  The TLS (Transport Layer Security) technology is widely deployed: email server initial handshaking before start of communication, SSL (Secure Socket Layer, or https) for web browser to web server, VPN (Virtual Private Network) for point to point (or site to site) connection. All these are for the unique purpose – protect the sensitive information submitted thru untrusted network.

Two key learning:

  • Don’t expect SSL is secure.  Some Internet gateway might have web-proxy in between breaking the SSL connection to intercept SSL for content inspection.  This happens in certain organizations, public free access points or regions with Internet control.
  • Like firearms in the physical world, the usage of encryption (TLS) is a matter of for good or evil purpose: defensive or offensive.  It’s the organization policies, laws & regulations to govern the proper usage.

Leave a Reply