How to Maintain Trust in TLS Environments with MITM Proxies?

Asked by CuriousCoder99

I've been diving deep into the impact of implementing global TLS inspection with man-in-the-middle (MITM) proxies, like Zscaler, and it's raising some serious trust issues in communications. With these setups in play, the traditional trust model of TLS seems to break down, and I'm trying to wrap my head around how we can still create a secure and trustworthy system for communication.

I'm exploring questions like: If we stripped it down to basic non-TLS HTTP, how could we set up trust and secure communications? I've considered things like using claims encryption for SAML and OIDC, as well as only employing FIDO2 hardware tokens for authentication. However, even if I nail the authentication part, the MITM could still intercept sensitive info, like JWT tokens or session cookies, leaving users vulnerable.

There's also the challenge of data security, which may require some form of application-level encryption, something along the lines of how SSH secures data flows. I'm also coming to grips with the efforts that organizations like WhatsApp are making towards end-to-end encryption in light of these MITM challenges. My goal isn't to bypass Zscaler for personal traffic—trust me, I can route around that—but to find solid architectural solutions that maintain trust for users, especially since some communication paths may still be subjected to similar interventions.

How should I go about addressing this in terms of systems architecture, DevOps, and the full software development lifecycle? I'm particularly interested in any tips or approaches you've had in dealing with this new threat landscape.
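The "second layer" the question gestures at (encrypt the sensitive token itself, not just the transport, so a proxy that terminates TLS sees only opaque bytes) as an added example; this is not code from the original post. It assumes a hypothetical 32-byte master key provisioned to the client app and the backend out of band, which the inspecting proxy never holds, and uses HMAC-SHA256 in counter mode with encrypt-then-MAC purely to stay standard-library-only; a real build would use an AEAD such as AES-GCM or ChaCha20-Poly1305 from a vetted library. The request method and path are bound in as associated data so a proxy cannot replay a captured sealed token against a different endpoint.

```python
import hashlib
import hmac
import secrets

# Added example, not from the original post. Assumptions (hypothetical): a 32-byte
# master key shared between client app and backend out of band, never seen by the
# TLS-inspecting proxy. HMAC-SHA256 counter mode + encrypt-then-MAC stands in for a
# real AEAD (AES-GCM / ChaCha20-Poly1305) only to keep this stdlib-only.

HKDF_SALT = b"app-layer-token-protection-v1"   # constructed constant


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF extract-then-expand (RFC 5869) with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF counter mode: concatenated HMAC(key, nonce || counter) blocks, truncated."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(master_key: bytes) -> tuple[bytes, bytes]:
    # Distinct encryption and MAC keys derived from the one provisioned secret.
    return (hkdf_sha256(master_key, HKDF_SALT, b"enc", 32),
            hkdf_sha256(master_key, HKDF_SALT, b"mac", 32))


def seal(master_key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Encrypt-then-MAC. `aad` (e.g. method + path) is authenticated but not
    encrypted, so the sealed token cannot be replayed against another endpoint."""
    enc_key, mac_key = _subkeys(master_key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(master_key: bytes, blob: bytes, aad: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; raise on any change."""
    enc_key, mac_key = _subkeys(master_key)
    if len(blob) < 16 + 32:
        raise ValueError("sealed token too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("sealed token failed authentication (tampered, replayed or wrong key)")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def proxy_tamper_is_detected(master_key: bytes, token: bytes, aad: bytes) -> bool:
    """Model a TLS-terminating proxy flipping one byte of the (to it, opaque) token."""
    blob = bytearray(seal(master_key, token, aad))
    blob[16] ^= 0x01
    try:
        unseal(master_key, bytes(blob), aad)
        return False
    except ValueError:
        return True


def replay_to_other_path_is_detected(master_key: bytes, token: bytes,
                                     aad: bytes, other_aad: bytes) -> bool:
    """Model a captured sealed token being re-sent to a different endpoint."""
    blob = seal(master_key, token, aad)
    try:
        unseal(master_key, blob, other_aad)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    key = secrets.token_bytes(32)   # constructed stand-in for the provisioned master key
    jwt = b"eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.sig"   # constructed sample token
    aad = b"POST /api/v1/orders"
    blob = seal(key, jwt, aad)
    print("proxy sees after TLS termination:", blob.hex())
    print("backend recovers:", unseal(key, blob, aad))
    print("byte flip detected:", proxy_tamper_is_detected(key, jwt, aad))
    print("cross-path replay detected:",
          replay_to_other_path_is_detected(key, jwt, aad, b"GET /api/v1/admin"))
```

The hard part this example deliberately leaves out is the one the question is really about: distributing that master key so the proxy operator never has it. If the key is provisioned over the same inspected channel, the second layer buys nothing. The proxy also still sees metadata (host, path, sizes, timing) and can drop or block the request; the layer protects confidentiality and integrity of the token, not availability.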

1 Answer

Answered by TechyTommy23

This isn't just a technical issue; it's about trust decisions made by people. You could implement certificate pinning, but even that can be tricky to enforce when the SSL inspection is happening. Also, think about the trust scheme—your trust now relies on the global CA, Zscaler, and your organization. If you have doubts about even one of those, your whole trust model falters.

DebateDude42 -

True, trust issues often stem from choices made at some level. We're tech pros, so it's up to us to find solutions to these issues, even when the roots are human-driven. I'm more curious about technical fixes here.
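The pinning check the answer refers to, as an added example that is not part of the original answer or comment. It models SPKI pinning: the client keeps SHA-256 hashes of the public keys it expects and refuses a chain that presents none of them, even though the chain validates against a root the organization pushed into the device trust store. Everything here is constructed: certificates are plain dicts with subject, issuer and DER-encoded SubjectPublicKeyInfo, keys are Ed25519 so the SPKI is the fixed 12-byte ASN.1 prefix for id-Ed25519 (OID 1.3.101.112) followed by 32 key bytes, and the names and chains are hypothetical.

```python
import base64
import hashlib

# Added example, not from the original answer. Assumptions (hypothetical): certificates
# modelled as dicts; Ed25519 keys, so SPKI = fixed ASN.1 prefix + 32 raw key bytes.
# All key material, names and chains below are constructed for the example.

ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")


def ed25519_spki(raw_key: bytes) -> bytes:
    """DER SubjectPublicKeyInfo for an Ed25519 key (RFC 8410 layout)."""
    assert len(raw_key) == 32
    return ED25519_SPKI_PREFIX + raw_key


def spki_pin(spki_der: bytes) -> str:
    """Pin format used by HPKP, OkHttp and Android network-security-config: sha256/<b64>."""
    return "sha256/" + base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def cert(subject: str, issuer: str, spki: bytes) -> dict:
    return {"subject": subject, "issuer": issuer, "spki": spki}


def chain_matches_pins(chain: list[dict], pins: set[str]) -> bool:
    """Accept if ANY certificate in the presented chain carries a pinned SPKI.
    Pinning an intermediate survives leaf rotation; pinning only the leaf breaks
    at every renewal unless a backup key is pinned as well."""
    return any(spki_pin(c["spki"]) in pins for c in chain)


def trust_anchor(chain: list[dict]) -> str:
    """Issuer of the last certificate presented: who the client is ultimately trusting."""
    return chain[-1]["issuer"]


def evaluate(chain: list[dict], pins: set[str]) -> dict:
    """What a pin-aware client would report for a presented chain."""
    return {"anchor": trust_anchor(chain),
            "pinned_key_present": chain_matches_pins(chain, pins)}


# --- constructed key material (deterministic so the example is reproducible) ---
def _key(label: str) -> bytes:
    return hashlib.sha256(label.encode()).digest()


SERVER_KEY = _key("origin-server-key")        # key the real origin serves
BACKUP_KEY = _key("origin-backup-key")        # offline spare, pinned so rotation cannot brick clients
INTERMEDIATE_KEY = _key("public-intermediate")
PROXY_KEY = _key("inspection-proxy-minted")   # per-site key the inspecting proxy mints
CORP_CA_KEY = _key("corp-inspection-ca")

PINS = {spki_pin(ed25519_spki(SERVER_KEY)), spki_pin(ed25519_spki(BACKUP_KEY))}

# Chain as the real origin serves it.
GENUINE_CHAIN = [
    cert("CN=api.example.test", "CN=Example Intermediate CA", ed25519_spki(SERVER_KEY)),
    cert("CN=Example Intermediate CA", "CN=Public Root CA", ed25519_spki(INTERMEDIATE_KEY)),
]

# Same site seen through an inspecting proxy: the leaf is re-minted under the proxy's
# key and chains to a root the organization pushed into the device trust store, so
# ordinary chain validation passes and only the pin check notices.
PROXIED_CHAIN = [
    cert("CN=api.example.test", "CN=Corp Inspection CA", ed25519_spki(PROXY_KEY)),
    cert("CN=Corp Inspection CA", "CN=Corp Root CA", ed25519_spki(CORP_CA_KEY)),
]


if __name__ == "__main__":
    for name, chain in (("genuine", GENUINE_CHAIN), ("proxied", PROXIED_CHAIN)):
        print(name, evaluate(chain, PINS))
```

Two caveats match the answer's "tricky to enforce" point. Pinning is only available where the client controls its own certificate validation (a native app or service-to-service client); browsers no longer honor HPKP, so a web front end cannot pin. And on a managed endpoint the organization that deployed the inspection root can usually also push configuration that disables or strips the app's pinning, so a pin failure tells the client it is being intercepted; it does not by itself get the traffic past the proxy.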
