See my post here:
http://www.cableforum.co.uk/board/34632497-post274.html
Quote:
|
What you probably saw was someone doing an SSL proxy with a badly configured browser with no sense of certification authorities. That is not invisible either as those proxies can only be self-signed and the certificates would flag to indicate that they are not properly signed and only have a 1 step CA.
|
That's the mechanism by which these appliances work. It's not breaking SSL; it's attempting to impersonate each side to the other. It's not difficult at all and open source implementations are available, but will show up on a browser when you go to www.barclays.co.uk and the SSL certificate the server provides is signed by Virgin Media and can't be verified.
It isn't a break of SSL though, is easily detectable, and requires browsers to be set up specifically to accommodate it as in an enterprise environment, so no, I'm not admitting anything.
---------- Post added at 13:17 ---------- Previous post was at 13:14 ----------
Quote:
Originally Posted by popper
Ohh, it seems that later in the thread you concentrate on full decryption of the tunnel, whereas for the purposes of this thread and the reality of why VM and the DPI vendors are doing this is to get just enough information from your encrypted datastream to use it in whatever manner they choose to increase their profit margins at the end users' expense...and without regard to the legal or political implications that might bring in the future from their actions.
|
Ah, forgot to respond to this. I'm well aware of DPI being used with partial decrypts, I've worked on DPI kit with regards to detecting encrypted BitTorrent. As you rightly said, only enough 'decryption' was needed to detect what the underlying protocol was. In the case of encrypted BT the encryption was rather weak and, although it took a few months, researchers did indeed break it to the point where it could be positively identified.
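
The certificate check described earlier in this post (an appliance re-signing a site's certificate with its own CA), reproduced offline as an added example that is not part of the original post. All names (`bank.example`, the two CAs, the helpers `make_ca`, `make_leaf`, `verdict`, `issuer`) are constructed, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Constructed demo: every key, name and certificate below is generated locally.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal config so the self-signed roots carry CA:TRUE on any OpenSSL build.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

make_ca() {    # make_ca NAME "Subject CN": self-signed root
    openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}
make_leaf() {  # make_leaf NAME ISSUER HOST: server cert for HOST signed by ISSUER
    openssl req -new -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$3" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" \
        -CAcreateserial -days 1 -out "$WORK/$1.pem" 2>/dev/null
}
verdict() {    # verdict TRUSTSTORE LEAF: prints trusted or untrusted
    if openssl verify -CAfile "$WORK/$1" "$WORK/$2" >/dev/null 2>&1
    then echo trusted; else echo untrusted; fi
}
issuer() { openssl x509 -in "$WORK/$1" -noout -issuer; }

make_ca public    "Constructed Public Root CA"
make_ca appliance "Constructed Interception Appliance CA"
make_leaf genuine  public    bank.example   # what the real server presents
make_leaf resigned appliance bank.example   # what the client sees behind the appliance

# Default client: trusts only the public root. Enterprise client: appliance CA added.
cp "$WORK/public.pem" "$WORK/default-store.pem"
cat "$WORK/public.pem" "$WORK/appliance.pem" > "$WORK/enterprise-store.pem"

echo "genuine cert, default store:      $(verdict default-store.pem genuine.pem)"
echo "re-signed cert, default store:    $(verdict default-store.pem resigned.pem)"
echo "re-signed cert, enterprise store: $(verdict enterprise-store.pem resigned.pem)"
issuer resigned.pem
```

Even where the enterprise store accepts the re-signed certificate, its issuer line still names the appliance CA rather than the public root, which is what to look for when checking whether a connection is being intercepted.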