China, GitHub and the man-in-the-middle (Greatfire)
Posted Jan 30, 2013 17:03 UTC (Wed) by intgr (subscriber, #39733)
Public services like GitHub are now enforcing SSL, making censorship more complicated and invasive. Unlike before, users in China are now explicitly alerted that their traffic is being intercepted. And users who successfully defeat the Great Firewall have an easy way to verify the fact.
Posted Jan 30, 2013 20:37 UTC (Wed) by kjp (subscriber, #39639)
No browser would prevent the authorities from using their ultimate tool though: certificates signed by the China Internet Network Information Center. CNNIC is controlled by the government through the Ministry of Industry and Information Technology. They are recognized by all major browsers as a trusted Certificate Authority. If they sign a fake certificate used in a man-in-the-middle attack, no browser will warn of any unusual activity.
Posted Jan 30, 2013 21:04 UTC (Wed) by raven667 (subscriber, #5198)
Posted Jan 31, 2013 0:05 UTC (Thu) by robert_s (subscriber, #42402)
Posted Jan 31, 2013 16:32 UTC (Thu) by raven667 (subscriber, #5198)
The benefit is that the one user who actually pays attention can trivially demonstrate that the MITM is going on and sound the alarm.
Posted Feb 1, 2013 9:36 UTC (Fri) by job (guest, #670)
Posted Jan 30, 2013 21:53 UTC (Wed) by intgr (subscriber, #39733)
You clearly missed this bit in TFA:
> The attack would be detectable by manually reviewing the SSL certificate. While the vast majority of users would not do this, one single report on such an attack would create a huge international scandal that might lead to major browsers removing their trust of CNNIC. So the authorities will likely avoid using this tool, unless they feel it’s absolutely necessary.
Posted Jan 30, 2013 23:17 UTC (Wed) by Fowl (subscriber, #65667)
We can hope. Sometimes the outrage never comes, unfortunately.
Posted Jan 31, 2013 21:50 UTC (Thu) by bojan (subscriber, #14302)
Posted Feb 1, 2013 9:45 UTC (Fri) by job (guest, #670)
I'm sure the required future prediction powers could be put to better use.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.