On Thu, Jan 26, 2012 at 2:04 PM, Kyle Green <[log in to unmask]> wrote:

> On Thu, Jan 26, 2012 at 1:57 PM, Ray Soucy <[log in to unmask]> wrote:
>
>> Question:
>>
>> Is the requirement of having to install a custom root CA a show stopper?
>>  If so, for what reasons (too much work to deploy; privacy or ethical
>> concerns; etc)
>>
>
> It is for us; we simply have too many non-school-owned machines (we rely
> heavily on BYOD) on our network.
>

This seems to be the major reason that the proxy method wasn't widely
adopted.


>
>
>> If you don't think you could deploy custom root CA's in your environment,
>> would using OpenDNS instead of MECguard be an acceptable alternative?
>>
>
> As in "getting rid of MECguard completely and switching entirely to
> OpenDNS filtering at all sites?"
>
>
Yes, or using MECguard and not filtering SSL (the firewall always being an
option)

-- 
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/