On Thu, Jan 26, 2012 at 2:04 PM, Kyle Green <[log in to unmask]> wrote: > On Thu, Jan 26, 2012 at 1:57 PM, Ray Soucy <[log in to unmask]> wrote: > >> Question: >> >> Is the requirement of having to install a custom root CA a show stopper? >> If so, for what reasons (too much work to deploy; privacy or ethical >> concerns; etc) >> > > It is for us; we simply have too many non-school-owned machines (we rely > heavily on BYOD) on our network. > This seems to be the major reason that the proxy method wasn't widely adopted. > > >> If you don't think you could deploy custom root CA's in your environment, >> would using OpenDNS instead of MECguard be an acceptable alternative? >> > > As in "getting rid of MECguard completely and switching entirely to > OpenDNS filtering at all sites?" > > Yes, or using MECguard and not filtering SSL (the firewall always being an option) -- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/