On Thu, Jan 26, 2012 at 2:04 PM, Kyle Green <[log in to unmask]> wrote:
On Thu, Jan 26, 2012 at 1:57 PM, Ray Soucy <[log in to unmask]> wrote:
Question:

Is the requirement of having to install a custom root CA a show stopper?  If so, for what reasons (too much work to deploy; privacy or ethical concerns; etc)

It is for us; we simply have too many non-school-owned machines (we rely heavily on BYOD) on our network.

This seems to be the major reason that the proxy method wasn't widely adopted.
 
 
If you don't think you could deploy custom root CA's in your environment, would using OpenDNS instead of MECguard be an acceptable alternative?

As in "getting rid of MECguard completely and switching entirely to OpenDNS filtering at all sites?"


Yes, or using MECguard and not filtering SSL (the firewall always being an option)

--
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/