[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Dec 6 01:45:26 PST 2011
Earlier in the discussion there were questions about why a service provider
would want to MITM their customers. This has now been answered by a service
provider: It's to protect the chiiiiildren. From
http://patrick.seurre.com/?p=42
Three's policy with regards to filtering is intended to ensure that children
are protected from inappropriate content when using the internet on their
phones [...] This is not about intercepting customer communications but is
about the safety of children who use our network.
Note that while they're using Bluecoat hardware to do it, there's no mention
of SSL MITM'ing.
Another interesting point in the post:
In addition I asked Three why they were wasting money on Bluecoat's services
when any webmaster worth his salt knows how to tailor the webpage provided
based on the IP address of the PC making the request. They could produce a
page full of innocent images for Bluecoat when they come calling, but save
all the unsavoury material for the .real. visitor.
This is already standard practice for malware-laden sites, to the extent that
it's severely affecting things like Google Safe Browsing and Facebook's link
scanner, because Google and Facebook always get to see benign content and only
the end user gets the malware.
Peter.
_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy
mailing list