Hacker News

Here's hoping that, if they do it, they'll start blocking corporate TLS mitm regimes too.


Blocking? Cloudflare provides corporate TLS MITM regimes.


"Corporate MITM" is built into the very idea of PKI. Running your own custom PKI is a completely valid way to operate a network. This is a feature because it allows anyone to establish their own trust tree, completely outside of the public certificate trust network.

"Regimes" sounds pejorative but in truth, companies have a duty and in many cases a legal obligation to protect their networks. Prima facie, I don't see any reason at all why interception of traffic in this circumstance is "bad," except maybe a potential for political misuse like any other written medium.

I actually think the reverse would be substantially worse: if _only_ the public trust chain was valid in major browsers, we would be completely hosed and there would be no distinguishing factor at all between remote attestation and trust.

Thus, corporate TLS interception is, at worst, a necessary byproduct of a very well chosen tradeoff.


And as a personal user, I also should have the right to intercept the traffic on my network.


I have a minor quibble with "my network". You should have the right to intercept the traffic originating or terminating at your devices, but not to intercept any traffic going between other people's devices just because it's on your network.


Then it wouldn't be my network anymore.


Should your ISP be able to MITM all of your traffic just because it's going over their network? If not, then what's the difference?


That's what I'm standing up for in this comment, but you've characterized it as opposition. I don't understand, perhaps you'd like to clarify.


I'm not opposing, just adding more context.


Ever since Google started pushing HTTPS I understood that non-encryption would be a future privacy problem.


Why? This isn't the 90s any more. You shouldn't use your employer's systems for anything other than work.


Hah, remember how Amazon invented "Cyber-Monday"? They claimed that the Monday after Thanksgiving, when people go back to work, would be their first encounter with Internet-connected computers after the Thanksgiving vacation, and that it's the time when they'd be busiest shopping for Christmas presents...


Amazon was barely a blip when Cyber Monday first came out, let alone the inventors of the term.

> The term "Cyber Monday" was coined by Ellen Davis, and was first used within the ecommerce community during the 2005 holiday season. According to Scott Silverman, the head of Shop.org, the term was coined based on 2004 research showing "one of the biggest online shopping days of the year" was the Monday after Thanksgiving (12th-biggest day historically). Retailers also noted the most significant shopping period was December 5 through 15 of the previous year. In late November 2005, The New York Times reported: "The name Cyber Monday grew out of the observation that millions of otherwise productive working Americans, fresh off a Thanksgiving weekend of window shopping, were returning to high-speed Internet connections at work Monday and buying what they liked." At the time, a lot of people had slow Internet at home. The idea for having such a holiday was created by Tony Valado, in 2003 while working at 1800Flowers.com, and coined "White Wednesday" to be the day before Thanksgiving for online retailers.

https://en.wikipedia.org/wiki/Cyber_Monday


So that's where that came from...


Privacy of communications is a protected right in lots of jurisdictions, not by default overridden by employer interests. From a values point of view it makes sense as well: privacy is a human right, and the fact that you're at work doesn't invalidate that; social interactions at work can be of a personal nature that is good to keep confidential.


Why should they only allow MITM'ed traffic when a third party is the one defeating the encryption?


You never watch a conference talk on YouTube at work?


I've always created a Google account specific to that company though, so it is still technically segregated from my personal anything.


Corporate TLS mitm is so often misunderstood. There are, unfortunately, a lot of legit reasons to do so.



