'Today' considers data retention and IMP
Ian Batten
ukcrypto at chiark.greenend.org.uk
Tue, 13 Jan 2009 14:10:32 +0000
>
> (2) I'm not convinced the certificate check IS dealing with a
> different
> risk. The very people most likely to have the ability to passively
> sniff *backbone* links are probably ISP staff, who could just as
> easily
> mount an active attack to defeat opportunistic TLS. E.g redirect
> SMTP
> to a transparent proxy, effectively man-in-the-middle'ing the TLS.
That's a much harder attack to mount, though. For a two blokes ISP
it's do-able, but it would require co-ordination across quite a wide
range of functions with a larger undertaking. It'd be something an
ISP undertook, not an ISP employee.
It'd also be fairly easy to spot. You strew about on other machines
you control self-signed certificates which you can verify, and use
those as canaries in the mine.
ian