[GLLUG] Installing SSL certificate at the request of a WiFi provider

Jason Clifford jason at ukpost.com
Mon May 9 12:45:30 UTC 2016

Hi John 

Did you ask them how they will ensure their https filter is PCI-CCS compliant and compliant with DPA requirements for dealing with other sensitive data?

If they do as you suggest they will be storing and processing credit card data and personally identifying data. 

---- On Sun, 08 May 2016 08:47:50 +0100 gllug at mailman.lug.org.uk wrote ----

Not specifically a Linux question, but I know a lot of knowledgeable 
people lurk here so I hope it will be forgiven. 

A (physical) site which I visit regularly provides a BYOD WiFi network 
to which people can connect their own devices. You need an individual 
WPA2 login in order to connect to it. 

Just recently they've announced that they're introducing filtering of 
https connections, and thus you will also need to install a certificate 
provided by them if you are going to use it to access any https web sites. 

Now the only way I can see this working is if they are proposing to 
generate spoof certificates, signed by them, for any such sites which 
you access, install their web filter as a man-in-the-middle, and thus 
have clear-text access to all your supposedly encrypted communication. 

Am I reading this correctly, or is there some less malign thing which 
they could be doing? Should I just stop using their WiFi and rely on my 
own 4G connection? 


GLLUG mailing list
GLLUG at mailman.lug.org.uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20160509/f601e961/attachment.html>

More information about the GLLUG mailing list