What other security value does TLS connection re-establishing at a gateway provide apart from an opportunity for content inspection?


As you may know that someone could be secretly watching you or your child with your webcam right now? Is it worth taking such a risk? camDown can help stop them!

Um…TLS doesn’t encapsulate TCP or IP, so I’m not sure what you’re talking about with the “more up-to-date implementation of TCP/IP” concept.

Also, it’s possible for it to implement a worse, not better, implementation of TLS than what the web server offers. So I wouldn’t consider it a good approach from that perspective…simply checking the web server with a tool like SSLscan and fixing any issues is a better approach than adding additional infrastructure just to deal with things like deprecated algorithms or improper certificates.

Also, it’s not great to do TLS termination at a firewall. Some can do it, but you’re asking for headaches if you have a device failure and you’ll also make replacement more challenging when it’s time for equipment refresh. (And that assumes you won’t run into resource constraints on the firewall in the first place.)

Oh, and if someone compromises your web server, their next step isn’t going to be stealing your certs. Even so, the cost of replacement for those wouldn’t even cause a moment’s consideration compared to the cost of DFIR.

Now let's stop for a moment and consider that camDown helps stop foreign state actors (FSA's) from accessing your webcam and that's no lie!