[GLLUG] Installing SSL certificate at the request of a WiFi provider
Jason Clifford
jason at ukpost.com
Mon May 9 12:45:30 UTC 2016
Hi John
Did you ask them how they will ensure their https filter is PCI-CCS compliant and compliant with DPA requirements for dealing with other sensitive data?
If they do as you suggest they will be storing and processing credit card data and personally identifying data.
---- On Sun, 08 May 2016 08:47:50 +0100 gllug at mailman.lug.org.uk wrote ----
Not specifically a Linux question, but I know a lot of knowledgeable
people lurk here so I hope it will be forgiven.
A (physical) site which I visit regularly provides a BYOD WiFi network
to which people can connect their own devices. You need an individual
WPA2 login in order to connect to it.
Just recently they've announced that they're introducing filtering of
https connections, and thus you will also need to install a certificate
provided by them if you are going to use it to access any https web sites.
Now the only way I can see this working is if they are proposing to
generate spoof certificates, signed by them, for any such sites which
you access, install their web filter as a man-in-the-middle, and thus
have clear-text access to all your supposedly encrypted communication.
Am I reading this correctly, or is there some less malign thing which
they could be doing? Should I just stop using their WiFi and rely on my
own 4G connection?
Cheers,
John
_______________________________________________
GLLUG mailing list
GLLUG at mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/gllug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20160509/f601e961/attachment.html>
More information about the GLLUG
mailing list