Props to Microsoft, who have literally made "not randomly force-installing shit on your corporate computers from the app store" a way to extort businesses into signing an Enterprise agreement.
-
-
Is it, though? What about people accessing intranets via VPN, what abou BYOD?
-
Tweet unavailable
-
BYOD is bad too (& usually abusive). Employers should not be offering or requiring it. Corporate data should never be on personal machines and vice versa.
-
Even if that weren't magical thinking (I agree on desirability, but it's entirely unlikely to happen), what about volunteers at smaller NGOs?
-
NGOs have no reason to be MITM'ing their volunteers or employees. Custom root CA support is needed purely for nefarious corporate asset-control/employee-policing purposes.
-
FWIW I define BYOD largely by whether it necessitates "device management" backdoors & policies that compromise personal privacy to corporate IT and demand right to wipe disks.
-
If you can use a personally-owned device without those considerations, it's largely outside the scope of what I'd call BYOD (but probably an awful idea for the company).
End of conversation
New conversation -
-
-
Wouldn't that break the ability of users to login to intranet apps though? Ex: DoD military with CAC reader.
-
No, not unless the site is implemented horribly wrong. You need client cert and possibly a domain-specific CA cert, not a nonstd root CA.
-
Well, at least in DoD they do seem to use a separate root CA, though maybe cross-signing would work? http://militarycac.com/dodcerts.htm
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.