[mdlug] decrypting ssl connections on the fly?
Flavio daCosta
flav at binaryservice.com
Fri Nov 24 10:44:33 EST 2006
On 11/24/2006 09:37 AM, Carl T. Miller wrote:
> Aha, let me speculate even more wildly. I wonder if it works
> like a proxy. Whenever an ssl connection request is sent,
> it sends its own connection request, thus it can unencrypt
> what returns. It would then need to encrypt it again with
> fake keys pretending to be the original source.
Yes, they are proxy servers (doing a Man In The Middle.) The one last
detail is that the client machines [browsers] must install the proxy's
root certificate into the browser so they accept the generated /fake/
cert without disruption.
> If that's the way it works, that means <insert your favorite
> party here, such as your ISP, the FBI, etc.> can watch all
> ssl traffic that goes across public networks.
They /could/ but you would get that little popup that says "The
certificate name and site dont match..." or "This certificate cannot be
verified ... do you wish to accept?" (depending on the details of how
they MiTM)
flav
More information about the mdlug
mailing list