[tor-talk] MITM attack on TLS

Ondrej Mikle ondrej.mikle at gmail.com
Wed Nov 18 21:35:57 UTC 2015


On 11/18/2015 04:36 PM, Justin Davis wrote:
> I just learned that the IT department of an organization where I am
> will begin mass decryption on TLS traffic.  Would this effect the use
> of the Meek pluggable transport?  Just to give more information, the
> attack will be done by having every network user install a root cert
> in our browsers.  Any information is apreciated.

I'm not entirely sure whether meek transport checks the certificate, 
because it's not necessary since it just acts an encapsulation proxy for 
Tor traffic.

However the IT admin would be able to see to which meek bridge are you 
connecting to after the MitM (meek just sends the bridge in HTTP Host 
header that is normally hidden inside TLS tunnel).

I haven't checked meek's development in a while, so this might not be 
entirely accurate.

OM


More information about the tor-talk mailing list