Hi, a very dirty fact happened yesterday that still didn't have the appropriate attention.
The French Government ANSSI made a MITM against Google SSL/TLS: http://googleonlinesecurity.blogspot.it/2013/12/further-improving-digital-certificate.html Google does not mention who's ANSSI. ANSSI is the French CyberSecurity agency, closely working with defense and intelligence agencies: http://www.ssi.gouv.fr/ ANSSI declare that they are generating fake-certificate for the purpose to inspect SSL traffic: "ANSSI has found that the intermediate CA certificate was used in a commercial device, on a private network, to inspect encrypted traffic with the knowledge of the users on that network. " Google Detected the MITM and Blocked it: https://code.google.com/p/chromium/issues/detail?id=326787 ANSSI issued a statement that it was a "Human Error" from someone from the Finance Ministry: http://www.ssi.gouv.fr/en/the-anssi/events/revocation-of-an-igc-a-branch-808.html So, the summary of the story can be read as follow: "A French Governmental Agency working on cybersecure with defense and intelligence agencies admitted that they are doing SSL MITM and that, due to a human error, they have been caught" -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
