Delivery-Date: Wed, 18 Nov 2015 16:36:15 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id DD0081E0AB3;
	Wed, 18 Nov 2015 16:36:13 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id D0C2733435;
	Wed, 18 Nov 2015 21:36:09 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id C4DC43336F
 for <tor-talk@lists.torproject.org>; Wed, 18 Nov 2015 21:36:05 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 3aYWPdajeTdS for <tor-talk@lists.torproject.org>;
 Wed, 18 Nov 2015 21:36:05 +0000 (UTC)
Received: from mail-wm0-x22d.google.com (mail-wm0-x22d.google.com
 [IPv6:2a00:1450:400c:c09::22d])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 851E9332A0
 for <tor-talk@lists.torproject.org>; Wed, 18 Nov 2015 21:36:02 +0000 (UTC)
Received: by wmvv187 with SMTP id v187so299262139wmv.1
 for <tor-talk@lists.torproject.org>; Wed, 18 Nov 2015 13:35:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=subject:to:references:from:message-id:date:user-agent:mime-version
 :in-reply-to:content-type:content-transfer-encoding;
 bh=aC1xCgc0GuooYaKmisEVpW5OChqq29ey8FvqgrU/Ews=;
 b=OWPdHUbMtXjDFiCtBzDtlNLveYIu18t1IYcBsZLWNRQRyEXk33++DmpBWYY8cfdbyc
 lS+cVk39WBg3DSXKnPqEz3C8vRIz63LzOVN8gMTwgv3EuJ0ecUnNBDK875qVuQMXlZpb
 ol3/SDGNJ/v16/DYCdI7Z/7IlBEpZDgNrB7a6iC2v8X5UeQqis2mmPe+5Us2uZfo5ZEJ
 YwffMybetAwxfv/HNSR2/29wOjifI+rZbJdtVIcnYjnrRpJhb1AouNWcrwaN0+/6a3Hd
 T/BSiXB72sHUbqhxH1xVOM1s7cDZmO5wrn3wykswBOjB27SXrS3uzL4f+J2D3mDRXgky
 rWLg==
X-Received: by 10.195.18.6 with SMTP id gi6mr4683898wjd.83.1447882559739;
 Wed, 18 Nov 2015 13:35:59 -0800 (PST)
Received: from localhost.localdomain (nat.brmlab.cz. [77.87.241.77])
 by smtp.googlemail.com with ESMTPSA id v196sm5163541wmv.10.2015.11.18.13.35.58
 for <tor-talk@lists.torproject.org>
 (version=TLSv1/SSLv3 cipher=OTHER);
 Wed, 18 Nov 2015 13:35:59 -0800 (PST)
To: tor-talk@lists.torproject.org
References: <CAPjf7ZXsPCo2U0rXD2uXWsrxc5Do=9_1KUyY1JrU+gYztNdXbg@mail.gmail.com>
From: Ondrej Mikle <ondrej.mikle@gmail.com>
Message-ID: <564CEF3D.3010900@gmail.com>
Date: Wed, 18 Nov 2015 22:35:57 +0100
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101
 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <CAPjf7ZXsPCo2U0rXD2uXWsrxc5Do=9_1KUyY1JrU+gYztNdXbg@mail.gmail.com>
Subject: Re: [tor-talk] MITM attack on TLS
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 11/18/2015 04:36 PM, Justin Davis wrote:
> I just learned that the IT department of an organization where I am
> will begin mass decryption on TLS traffic.  Would this effect the use
> of the Meek pluggable transport?  Just to give more information, the
> attack will be done by having every network user install a root cert
> in our browsers.  Any information is apreciated.

I'm not entirely sure whether meek transport checks the certificate, 
because it's not necessary since it just acts an encapsulation proxy for 
Tor traffic.

However the IT admin would be able to see to which meek bridge are you 
connecting to after the MitM (meek just sends the bridge in HTTP Host 
header that is normally hidden inside TLS tunnel).

I haven't checked meek's development in a while, so this might not be 
entirely accurate.

OM
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

