HTTPS and man-in-the-middle - was Re: new message
Toby Thain
toby at telegraphics.com.au
Sun Nov 22 18:18:20 CST 2015
On 2015-11-22 5:25 PM, Mouse wrote:
>> https is supposed to prevent "man in the middle" attacks, provided you enfor$
>
> That was the original theory, as I understand it.
>
> But there are way too many "in most browsers by default" CAs that are
> willing to sell wildcard certs such as can be used for MitM attacks
> without disturbing cert validity checks. I even recall hearing of some
> caching proxy (squid maybe?) that, out of the box, could use such a
Microsoft Forefront TMG maybe?
http://itknowledgeexchange.techtarget.com/itanswers/https-inspection-within-forefront-threat-management-gateway-2010/
--Toby
> cert to provide caching for HTTPS connections - they're that common.
> ...
>
> /~\ The ASCII Mouse
> \ / Ribbon Campaign
> X Against HTML mouse at rodents-montreal.org
> / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
>
More information about the cctalk
mailing list