TLS man in the middle
Alexander Klimov
alserkli at inbox.ru
Mon Nov 9 03:00:45 EST 2009
On Sat, 7 Nov 2009, Sandy Harris wrote:
> I'm in China and use SSL/TLS for quite a few things. Proxy connections,
> Gmail set to "always use https" and so on. This is the main defense for
> me and many others against the Great Firewall.
>
> Should I be worrying about man-in-the-middle attacks from the Great
> Firewall servers?
The attack does not directly allow one to see any plaintext; it only
prepends your data with the attacker's plaintext.

IMO if the Great Firewall administrator wanted to intercept TLS
traffic they would do the usual TLS MitM attack with replacement of
certificates (as done by some corporate firewalls). Using the
renegotiation attack for purposes allowed by law seems to be too
roundabout.
--
Regards,
ASK
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com