[145049] in cryptography@c2.net mail archive
Re: TLS man in the middle
daemon@ATHENA.MIT.EDU (Alexander Klimov)
Mon Nov 9 20:04:20 2009
Date: Mon, 9 Nov 2009 10:00:45 +0200 (IST)
From: Alexander Klimov <alserkli@inbox.ru>
To: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <c5528eee0911061713s78d2a593nb5c8a4cb80ee4e46@mail.gmail.com>
On Sat, 7 Nov 2009, Sandy Harris wrote:
> I'm in China and use SSL/TLS for quite a few things. Proxy connections,
> Gmail set to "always use https" and so on. This is the main defense for
> me and many others against the Great Firewall.
>
> Should I be worrying about man-in-the-middle attacks from the Great
> Firewall servers?
The attack does not directly allow one to see any plaintext; it only
prepends your data with the attacker's plaintext.

IMO, if the Great Firewall administrator wanted to intercept TLS
traffic they would do the usual TLS MitM attack with replacement of
certificates (as done by some corporate firewalls). Using the
renegotiation attack for purposes allowed by law seems to be too
roundabout.
--
Regards,
ASK
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com