China, GitHub, and the Man In The Middle

Jamon Camisso jamon.camisso-H217xnMUJC0sA/PxXw9srA at public.gmane.org
Fri Feb 1 15:43:26 UTC 2013


On 13-01-30 03:32 PM, Christopher Browne wrote:
> A *very* interesting article that points to how the increasing use of
> HTTPS makes it rather a lot more difficult for would-be interfering
> intermediaries such as the Chinese government.
> https://en.greatfire.org/blog/2013/jan/china-github-and-man-middle
> 
> That GitHub uses HTTPS means that, to control their peoples' access to
> GitHub, the choices are:
> 
> a) Block GitHub altogether,
> b) Give up, or
> c) Try to insinuate a certificate into place so as to be Man In The Middle.
> 
> None of these are particularly palatable, acceptable, or usable.

c) is very much usable. Many of FortiGate's appliances are built on that
model of SSL MITM. BES (BlackBerry) lets you control certificates as well.

If you're working on a corporate network, assume your HTTPS traffic *is*
being monitored.

I'd say in fact that C is the easiest to pull off as you move up in
network scale because it becomes more transparent. Especially with the
weaknesses in the trust model, what with all the compromises to CAs in
the last year or two.

Do you check all the root CAs installed on your systems? What about the
ones Mozilla bundles separately?

I agree that option C is neither palatable nor acceptable to me as
someone who is fortunate/privileged enough to not have to work within or
run a corporate network.

Jamon
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
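
An added example, not part of the original message or the thread: one way to act on the question of checking installed root CAs is to fingerprint every certificate in a PEM bundle exported from the store being audited and diff it against a baseline reviewed earlier. The function names and the sample "certificates" are assumptions; the samples are constructed placeholder bytes, not real roots.

```python
import base64
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def bundle_fingerprints(pem_text):
    """Return the set of SHA-256 fingerprints (hex) of every cert in a PEM bundle."""
    return {
        hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
        for block in PEM_BLOCK.findall(pem_text)
    }


def audit(current, baseline):
    """Diff the current trust store against a baseline reviewed earlier."""
    return {
        "added": sorted(current - baseline),      # roots nobody reviewed
        "removed": sorted(baseline - current),    # roots that disappeared
    }


def constructed_pem(payload):
    """Build a PEM block around placeholder bytes (constructed, not a real cert)."""
    body = base64.encodebytes(payload).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"


# Constructed sample data: three placeholder "roots" standing in for DER certs.
ROOT_A = constructed_pem(b"constructed root A")
ROOT_B = constructed_pem(b"constructed root B")
PROXY_CA = constructed_pem(b"constructed interception-proxy CA")

BASELINE = bundle_fingerprints(ROOT_A + ROOT_B)   # snapshot taken when reviewed
CURRENT = bundle_fingerprints(ROOT_A + PROXY_CA)  # store as found today

if __name__ == "__main__":
    report = audit(CURRENT, BASELINE)
    for fp in report["added"]:
        print("UNREVIEWED ROOT ", fp)
    for fp in report["removed"]:
        print("MISSING ROOT    ", fp)
```

With a real bundle, pass the file's text to `bundle_fingerprints`; any fingerprint under "added" is a root that was not in the store when the baseline was taken.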