OutHouse
Lifer
- Jun 5, 2000
- 36,413
- 616
- 126
Not really. It is pretty simple to insert ourselves in the certificate chain. The only way you would know is if you actually inspected the certificate and saw that it wasn't the google one but one generated from a CA in the company that your workstation trusts. It is a bit harder to insert in to the SSH tunnel but you can monitor the data fairly well there also.
Don't flame for this I'm only asking not pointing fingers. I am not too versed on certs but wouldn't messing with a certificate like that be borderline cyber crime? what business need would a company have to do something like this? i dunno i think that is taking it a bit too far. why not just block webmail using opendns or at the firewall.