So I guess I'm just curious what the overall opinion of multiple people is regarding decryption and how well they take into account local laws, etc. I get decrypting traffic can be a major step up in security and basically unlocks a lot of potential in a shiny expensive new firewall. however there's always of course some debate. so baseline: I live in a region where we can decrypt traffic( but the user has to have a disclaimer somewhere that his traffic can/will be decrypted) apart from certain types of traffic we can't decrypt: financial (due to personal bankaccount and what not) government (due to private info like an equivalent of social security number, passport id, etc) health and medicine (due to personal medical records, info, etc.) fairly straightforward. however upon inspecting all possible palo alto web categories there are 2 which may be somewhat of a gray area: stock advice and tools (stock advice not so much, however tools I understand as apps to buy/trade stocks, etc I checked one site I use myself for stock trades. however that one is classified as financial. I'm however not confident that the url category for every stock trading tool would be classified as financial.) cryptocurrency (same as the tools. it's basically a subcategory of financial for me... I checked with the sites like coinbase, bittrex, etc.. that's cryptocurrency) finding this above then got me thinking. do any of you manage/configure a firewall in a region with similar policies. and if so what do you do? Do you opt to decrypt a bit too much rather then take the safe route and decrypt less? regarding legal what do you think your responsibility is? eg: inform end-customer/company there are limitations but let their legal decide (apart from blatant illegal request like yes decrypt financial as well for us) or do somewhat intense research yourself? have any of you ever gotten in trouble or been addressed regarding a decryption policy you set up, or gave the instruction to set up? what's your opinion on this?
... View more