Not what you are looking for? Ask the experts!
Does NS Scan HTTPS Traffic ?
The subject of HTTPS scanning has recently become a hot security issue. Many argue that scanning HTTPS traffic decreases, rather than increases security. I have read on a post on Wilders that says that NS does not scan HTTPS traffic.
The issue became hot when an article was published demonstrating how Kaspersky's implementation of HTTPS scanning made it's users vulnerable to The FREAK and other critical malicious attacks.
(I believe Kaspersky has issued an update to protect it's users from ONE of the several vulnerabilities scanning HTTPS traffic exposes the user to.)
Some security suites don't scan HTTPS traffic to protect the user's privacy, even without the vulnerability concern.
The Electronic Frontier's Position on the subject is very clear:
"Dear Software Vendors: Please Stop Trying to Intercept Your Customers’ Encrypted Traffic...
But the most important lesson is for software vendors, who should learn that attempting to intercept their customers’ encrypted HTTPS traffic will only put their customers’ security at risk. Certificate validation is a very complicated and tricky process which has taken decades of careful engineering work by browser developers.2 Taking certificate validation outside of the browser and attempting to design any piece of cryptographic software from scratch without painstaking security audits is a recipe for disaster..."
It certainly is a dilemma for security suite vendors - a trade-off of sorts. It is my understanding that approximately 33% of all web traffic is now https traffic.
Heads I win, Tails you lose