Web Blog_blogentry_271215_1


SSL-TLS Interception

"The Transport Layer Security (TLS) Protocol Version 1.2" (RFC 5246) clearly states: "The TLS protocol provides communications security over the Internet."

Yet every day millions of people work behind TLS Proxies that provide no security and no indication to the end-user that the connection is NOT secure. Some of these are "legal" TLS Proxies operated by organizations whose end-users have consented to their employers spying on them. There are, of course, MANY others where the typical Internet user has no idea that they are using a TLS Proxy.

Many "free" Wi-Fi systems, and most Hotel and Motel systems, utilize TLS Proxies, often operated by their chosen provider.

Many Internet Providers utilize TLS proxies for all of their connections.

These TLS Proxies typically decrypt the "supposedly" secure TLS communication and perform inspection and logging of data, all unknown to the end-user. These TLS proxies are, of course, subject to review by any number of Government authorities, often without the end-user being notified.

Many of these TLS proxies generate certificates on-the-fly and present them to the user as a "valid" certificate signed by one of the hundreds of Certificate Authorities built in to the browser or added by the employer.

Regardless of the technology used, the TLS Proxy is by definition a Man-In-The-Middle attack, and TLS does not detect the attack. That clearly does not live up to "The TLS protocol provides communications security over the Internet."
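
Because normal certificate validation succeeds when the proxy's CA is in the trust store, a client that wants to notice interception has to compare what it was shown against something learned another way. The following is an added example, not part of the original post: it compares the leaf certificate presented on the current network with a SHA-256 fingerprint recorded out of band, and reports the issuer; the function names and the sample values are assumptions made for illustration.

```python
import hashlib
import socket
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def issuer_name(cert: dict) -> str:
    """Flatten the issuer field of ssl.getpeercert() into 'key=value, ...'."""
    return ", ".join(f"{k}={v}" for rdn in cert.get("issuer", ()) for k, v in rdn)

def fetch_leaf(host: str, port: int = 443, timeout: float = 5.0):
    """Handshake with ordinary validation; return (leaf DER, parsed cert dict).

    Validation passing here proves nothing about interception: a proxy whose
    CA is in the local trust store passes it too.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True), tls.getpeercert()

def check_pin(der: bytes, cert: dict, pinned_fp: str) -> dict:
    """Compare the presented leaf against a fingerprint recorded out of band."""
    seen = fingerprint(der)
    expected = pinned_fp.lower().replace(":", "")  # accept AA:BB:... notation
    return {
        "match": seen == expected,
        "seen_fingerprint": seen,
        "issuer": issuer_name(cert),
    }

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: script.py HOST PINNED_FINGERPRINT
        der, cert = fetch_leaf(sys.argv[1])
        print(check_pin(der, cert, sys.argv[2]))
    else:  # offline demo: constructed stand-ins for two different leaf certs
        origin, proxy = b"constructed origin leaf", b"constructed proxy leaf"
        forged = {"issuer": ((("commonName", "Constructed Inspection CA"),),)}
        print(check_pin(proxy, forged, fingerprint(origin)))
```

A mismatch also occurs when the site legitimately renews its certificate, so read the reported issuer alongside the result: an issuer that is an inspection product or an internal CA, rather than the CA the site normally uses, is the sign of a proxy.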
