Ondrej Mikle <ondrej.mi...@nic.cz> writes: >How do MitM boxes react when they MitM connection to a server with self- >signed cert (or cert issued by an obsure CA not trusted by MitM box)?
For one example, see http://wikileaks.org/spyfiles/docs/bluecoat/219_blue-coat-systems-reference-guide-ssl-proxy.html and http://wikileaks.org/spyfiles/docs/bluecoat/246_blue-coat-systems-deployment-guide-deploying-the-ssl-proxy.html. In general it looks like it's a mixture of "it's configurable" and "it depends on the vendor" (the above only tells you what Bluecoat do). Interesting to note that the Bluecoat hardware has problems MITM-ing Windows Update, because Microsoft apply the quite sensible measure of only allowing something signed by a known Windows Update cert (or at least on a Microsoft-supplied trust list), rather than any old cert that turns up as long as it's signed by some CA somewhere. I've heard of a similar approach proposed for smartphone mobile banking apps, you hardcode in a cert that's used to verify a whitelist of known-good certs for banks (more or less like Microsoft's CTLs), and then it doesn't matter what certs the CAs sign because if it's not on the CTL then it doesn't get trusted. >Given the state of security/auditing of "private sub-CAs" as described, was >there ever a report of a breach (e.g. stolen key, fraudulently issued certs)? You're joking, right? Peter. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
