[GLLUG] Installing SSL certificate at the request of a WiFi provider

Dave Lambley dave.lambley at gmail.com
Mon May 9 10:57:43 UTC 2016


On 8 May 2016 at 08:47, John Winters via GLLUG <gllug at mailman.lug.org.uk>
wrote:

> Not specifically a Linux question, but I know a lot of knowledgeable
> people lurk here so I hope it will be forgiven.
>
> A (physical) site which I visit regularly provides a BYOD WiFi network
> to which people can connect their own devices.  You need an individual
> WPA2 login in order to connect to it.
>
> Just recently they've announced that they're introducing filtering of
> https connections, and thus you will also need to install a certificate
> provided by them if you are going to use it to access any https web sites.
>
> Now the only way I can see this working is if they are proposing to
> generate spoof certificates, signed by them, for any such sites which
> you access, install their web filter as a man-in-the-middle, and thus
> have clear-text access to all your supposedly encrypted communication.
>
> Am I reading this correctly, or is there some less malign thing which
> they could be doing?  Should I just stop using their WiFi and rely on my
> own 4G connection?
>
>
You'll likely find that some sites will become inaccessible in recent
versions of Firefox and Google (and probably other browsers), due to public
key pinning.

https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
https://security.googleblog.com/2011/08/update-on-attempted-man-in-middle.html

Dave
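Why a filter's substitute certificate trips a pin, as an added example that is not part of the original post: a pin is the base64 SHA-256 of the certificate's SubjectPublicKeyInfo, so a certificate re-signed around the filter's own key cannot match it. The certificates are constructed DER skeletons (placeholder fields, no signatures), and `fake_cert`, `spki_pin`, `pin_ok` and the CA names are hypothetical.

```python
import base64, hashlib

def tlv(tag, body):
    """Encode one DER element with a definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def _header(buf, pos):  # -> (offset of the value, length of the value)
    first = buf[pos + 1]
    if first < 0x80:
        return pos + 2, first
    k = first & 0x7F
    return pos + 2 + k, int.from_bytes(buf[pos + 2:pos + 2 + k], "big")

def children(der):
    """Split one constructed DER element into its encoded child elements."""
    pos, length = _header(der, 0)
    end, out = pos + length, []
    while pos < end:
        start, size = _header(der, pos)
        out.append(der[pos:start + size])
        pos = start + size
    return out

def spki_pin(cert_der):
    """base64(SHA-256(SubjectPublicKeyInfo)): the value a key pin is compared with."""
    fields = children(children(cert_der)[0])         # fields of tbsCertificate
    spki = fields[6 if fields[0][0] == 0xA0 else 5]  # skip the optional [0] version
    return base64.b64encode(hashlib.sha256(spki).digest()).decode()

def fake_cert(issuer, key):
    """Constructed skeleton: X.509 field order, placeholder contents, no real signature."""
    seq = lambda *parts: tlv(0x30, b"".join(parts))
    spki = seq(seq(tlv(0x06, b"\x2a\x86\x48\xce\x3d\x02\x01")), tlv(0x03, b"\x00" + key))
    tbs = seq(tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), seq(),
              seq(tlv(0x0C, issuer)), seq(), seq(tlv(0x0C, b"example.test")), spki)
    return seq(tbs, seq(), tlv(0x03, b"\x00"))

def pin_ok(cert_der, pins):
    """True when the certificate's key hash is one of the pinned values."""
    return spki_pin(cert_der) in pins
# Constructed sample data: two different "keys", three certificates.
SITE_KEY, FILTER_KEY = bytes(range(65)), bytes(range(1, 66))
GENUINE = fake_cert(b"Public CA", SITE_KEY)
REISSUED = fake_cert(b"Another Public CA", SITE_KEY)  # same key, new issuer
FORGED = fake_cert(b"WiFi Filter CA", FILTER_KEY)     # filter's substitute cert
PINS = {spki_pin(GENUINE)}
```

`pin_ok` accepts `GENUINE` and `REISSUED` (a pin binds the key, not the issuer) and rejects `FORGED`. Whether a browser applies this check to a chain ending in a locally installed CA is a browser setting; in Firefox it is the `security.cert_pinning.enforcement_level` preference.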