[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tor-talk] MITM attack on TLS
On 11/18/2015 04:36 PM, Justin Davis wrote:
I just learned that the IT department of an organization where I am
will begin mass decryption on TLS traffic. Would this effect the use
of the Meek pluggable transport? Just to give more information, the
attack will be done by having every network user install a root cert
in our browsers. Any information is apreciated.
I'm not entirely sure whether meek transport checks the certificate,
because it's not necessary since it just acts an encapsulation proxy for
However the IT admin would be able to see to which meek bridge are you
connecting to after the MitM (meek just sends the bridge in HTTP Host
header that is normally hidden inside TLS tunnel).
I haven't checked meek's development in a while, so this might not be
tor-talk mailing list - firstname.lastname@example.org
To unsubscribe or change other settings go to