HTTPS and man-in-the-middle - was Re: new message

Toby Thain toby at telegraphics.com.au
Sun Nov 22 18:18:20 CST 2015


On 2015-11-22 5:25 PM, Mouse wrote:
>> https is supposed to prevent "man in the middle" attacks, provided you enfor$
>
> That was the original theory, as I understand it.
>
> But there are way too many "in most browsers by default" CAs that are
> willing to sell wildcard certs such as can be used for MitM attacks
> without disturbing cert validity checks.  I even recall hearing of some
> caching proxy (squid maybe?) that, out of the box, could use such a

Microsoft Forefront TMG maybe?
http://itknowledgeexchange.techtarget.com/itanswers/https-inspection-within-forefront-threat-management-gateway-2010/

--Toby


> cert to provide caching for HTTPS connections - they're that common.
> ...
>
> /~\ The ASCII				  Mouse
> \ / Ribbon Campaign
>   X  Against HTML		mouse at rodents-montreal.org
> / \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
>


