[cryptography] so can we find a public MitM cert sample? (Re: really sub-CAs for MitM deep packet inspectors?)

Ralph Holz holz at net.in.tum.de
Mon Dec 5 18:19:48 EST 2011


Hi,

> I have to say I have my doubts that either Boingo or Sheraton hotels, or
> other providers would be doing MitM for advertising/profiling or whatever
> reasons to their respective wifi services.  Absent certs showing this, it's a
> significantly controversial claim, and there are many many reasons you can
> see something that appears suspicious at a glance.  Multiple certs for the
> same domain (load balancers), legitimately changed certs, different certs
> for different server farms in different geographic locations, cert warnings
> before you login because of the HTTP intercept, cached/delayed versions of
> the previous, localhost anti-spam/anti-virus proxies that are doing
> transparent proxying, VPN routing to a MitM corporate box?  There are a lot
> of things that can do unexpected things.

I could imagine such attacks happen more frequently in hotels in certain
countries with a high inclination towards wiretapping. Industrial
espionage could be one motivation.

On an unrelated note, there was a report of a Tor exit node doing a MitM
on SSL connections running through it. Of course, it was years ago and I
didn't pay much attention to it then, and have no URL that I could
provide. :-/

Ralph

-- 
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
