[cryptography] Gogo inflight Internet uses fake SSL certs to MITM their users

Jeffrey Altman jaltman at secure-endpoints.com
Tue Jan 6 10:40:10 EST 2015

On 1/5/2015 8:47 PM, John Levine wrote:
> http://venturebeat.com/2015/01/05/gogo-in-flight-internet-says-it-issues-fake-ssl-certificates-to-throttle-video-streaming/
> They claim they're doing it to throttle video streaming, not to be evil.
> Am I missing something, or is this stupid?  If they want to throttle
> user bandwidth (not unreasonable on a plane), they can just do it.
> The longer a connection is open, the less bandwidth it gets.

I suspect that throttling user bandwidth is not the goal.  Instead they
are attempting to strip out embedded video from within http streams.
Since the video stream might be sent over the same tcp connection as
non-video content they can improve the user's experience by delivering
all but the video.

Jeffrey Altman

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4589 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20150106/ac08813d/attachment.p7s>

More information about the cryptography mailing list