[Cryptography] FREAK attack
Peter Fairbrother
zenadsl6186 at zen.co.uk
Thu Mar 5 08:58:35 EST 2015
On 04/03/15 21:23, Dave Horsfall wrote:
> I took the liberty of forwarding this to a geek list, and a bod who runs
> security at a University department responded thus:
>
> Sounds somewhat theoretical. Given the existence of certificates
> that allow corporate proxy servers to 'inspect' SSL traffic,

Can someone explain how that works please?

I can see a corporate proxy doing a MITM with the external SSL using a
certificate signed by a corporate CA installed on all the internal
machines.

Is that what he means? I may have missed something.

If it is, it isn't the certificate which is the plaintext hole, it's the
corporate CA installed on the corporate machines.

-- Peter Fairbrother