HTTPS and man-in-the-middle - was Re: new message
toby at telegraphics.com.au
Sun Nov 22 18:18:20 CST 2015
On 2015-11-22 5:25 PM, Mouse wrote:
>> https is supposed to prevent "man in the middle" attacks, provided you enfor$
> That was the original theory, as I understand it.
> But there are way too many "in most browsers by default" CAs that are
> willing to sell wildcard certs such as can be used for MitM attacks
> without disturbing cert validity checks. I even recall hearing of some
> caching proxy (squid maybe?) that, out of the box, could use such a
Microsoft Forefront TMG maybe?
> cert to provide caching for HTTPS connections - they're that common.
> /~\ The ASCII Mouse
> \ / Ribbon Campaign
> X Against HTML mouse at rodents-montreal.org
> / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
More information about the cctalk