If you’re doing analysis on network captures, you’ll eventually run into the need to view encrypted data. This is especially true if you’re troubleshooting a secure web application like a shopping cart or online banking. If you’re doing this analysis in Wireshark, you’re somewhat caught between a rock and a hard place - you have to either:
- Give your private keys over to the engineers, and let them install the keys locally in their own copies of Wireshark in order to decrypt data
- Have one location or virtual machine where the keys are installed on the machine’s copy of Wireshark, and have users share use of the machine
In the first case, you now face a situation where the very private keys used on your website - the whole reason your site is secure in the first place - now exist as multiple copies in multiple locations. Are you going to rely on policy that they be deleted? Or only limit access to one support engineer?
In the second case, you face the normal difficulties with trying to use one shared machine to operate a network tool. In addition, you must now secure this machine (likely a simple workstation) from intrusion to a degree necessary to protect one of your most vital assets - getting your SSL keys leaked is bad, bad news.