On Mon, May 20, 2019 at 8:53 AM Danishka Navin <danis...@gmail.com> wrote:
> Seems government is working with Chinese tech people to run mass online 
> surveillance system.
> http://www.themorning.lk/china-styled-mass-online-surveillance/
>
>
>  But I am not clear how Root CA can use to SSL MITM attack instead of user 
> cert.
>

If you trust a root CA for signing websites, then they can sign a new
certificate for google.com, then modify DNS to send you to a
non-Google server presenting their certificate, signed by the corrupt
CA. They'd decrypt all of your traffic, read it, re-encrypt it with
the real google.com cert and pass it along. You would still see the
website you expect to, but in the middle all of your traffic is
exposed to the man-in-the-middle server.
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
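
The trust-store behaviour described in the reply above, as an added example that is not part of the original thread: two throwaway lab roots (hypothetical names `legit-ca` and `other-ca`) each sign a certificate for the constructed host `www.example.test`. Chain validation accepts both leaves while both roots are trusted; removing the second root from the bundle, or comparing public-key pins, exposes the substitute certificate.

```bash
#!/usr/bin/env bash
# Added example: throwaway lab CAs in a temp dir; all names are constructed.
# Nothing here reads or modifies the system trust store.
set -eu
LAB=$(mktemp -d)
trap 'rm -rf "$LAB"' EXIT

make_ca() {      # $1 = CA name -> self-signed root $1.crt with key $1.key
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$LAB/$1.key" -out "$LAB/$1.crt" 2>/dev/null
}

issue_leaf() {   # $1 = CA name, $2 = leaf name -> cert for www.example.test
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$LAB/$2.key" -out "$LAB/$2.csr" 2>/dev/null
  openssl x509 -req -in "$LAB/$2.csr" -CA "$LAB/$1.crt" -CAkey "$LAB/$1.key" \
    -CAcreateserial -days 1 -out "$LAB/$2.crt" 2>/dev/null
}

chain_ok() {     # $1 = trust bundle, $2 = leaf name; chain-to-trusted-root check
  openssl verify -CAfile "$1" "$LAB/$2.crt" >/dev/null 2>&1
}

spki_pin() {     # $1 = leaf name -> SHA-256 of its public key (signer-independent)
  openssl x509 -in "$LAB/$1.crt" -noout -pubkey |
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

verdict() { if chain_ok "$1" "$2"; then echo accepted; else echo rejected; fi; }

make_ca legit-ca; make_ca other-ca
issue_leaf legit-ca real        # the site's own certificate
issue_leaf other-ca lookalike   # same hostname, different key, signed by the other root
cat "$LAB/legit-ca.crt" "$LAB/other-ca.crt" > "$LAB/both-roots.pem"

echo "both roots trusted : real=$(verdict "$LAB/both-roots.pem" real)" \
     "lookalike=$(verdict "$LAB/both-roots.pem" lookalike)"
echo "other-ca removed   : real=$(verdict "$LAB/legit-ca.crt" real)" \
     "lookalike=$(verdict "$LAB/legit-ca.crt" lookalike)"
echo "pin(real)      = $(spki_pin real)"
echo "pin(lookalike) = $(spki_pin lookalike)"
```

The pin comparison is the check that still works when the unwanted root remains in the trust bundle, because it depends on the leaf's key rather than on who signed it.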
