[clug] OT: Protesting the proposed clean feed?

David Schoen neerolyte at gmail.com
Thu Oct 23 10:45:57 GMT 2008


On Thu, Oct 23, 2008 at 9:38 PM, Peter Barker <pbarker at barker.dropbear.id.au> wrote:

> On Thu, 23 Oct 2008, Nathan Rickerby wrote:
>
>> Without a method for seeing the certificate the ISP gets when making the
>> second https connection, how can you verify they are connecting to the
>> true intended destination?  The connection could be man-in-the-middled
>> again between the ISP and your bank.
>
> I'd have thought that connection would be secure; the ISP can verify
> certificates as well as you can :)  And since they're doing a MitM attack
> against you, they can even present you with a bad-certificate message (with
> advertising).


You're counting on a whole bunch of transparency that I doubt you would get
if something like this was implemented.

Considering my department actively encourages being able to use netbank-type
sites at work and also implements https filtering without warning or any
transparency (no one was told it was going in, I can't even find out if they
are verifying SSL certificates, let alone who with).

I would be surprised if any initial implementations of this sort of thing
would be much better than what we public servants are subjected to.

- Dave.

