Geekspeak I don't understand

Jon Ribbens jon+ukcrypto at unequivocal.co.uk
Wed May 13 23:10:18 BST 2015


On Wed, May 13, 2015 at 05:26:19PM +0100, Tim Fletcher wrote:
> On 13/05/15 13:31, Jon Ribbens wrote:
> > Is it a corporate computer or similar that might have a root 
> > certificate installed by the IT department? The error message means
> > that the 'wrong' certificate was seen by your browser. I assume if
> > the certificate didn't verify at all then a more usual error
> > message would appear.
> 
> It's not just the installation of a root cert on a corporate computer
> but MitM on the SSL traffic. This is normally so that filtering can
> take place, basically a server decrypts, filters and then encrypts
> using its own SSL cert the traffic which doesn't match the pin set.

Well, yes, that's why you might see the 'wrong' cert, hence my
question. Although, now I think about it, I seem to recall that
this kind of certificate pinning tends to have a deliberate exception
in it for locally-added certificates.
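The cases discussed in the thread, as an added example that is not part of the original post: a small Go model of the pin check a browser performs after ordinary chain validation, including the exception for roots added locally. It constructs its own throwaway roots (a "public" CA that is pinned, a corporate filtering CA installed in the trust store, and a CA that is not trusted at all) and a hypothetical hostname `example.test`; the names, pin set and `checkPins`/`Scenario` helpers are assumptions for illustration, not any browser's actual code.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// PinResult is the outcome of checking a server chain against a pin set.
type PinResult string

const (
	PinOK        PinResult = "pin matched"
	PinBypassed  PinResult = "pins skipped: chain ends at a locally added root"
	PinMismatch  PinResult = "pin failure: chain verified but contains no pinned key"
	ChainInvalid PinResult = "chain does not verify against the trust store"
)

// spkiPin returns the base64 SHA-256 of the SubjectPublicKeyInfo, the value
// HPKP-style pin sets carry.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// issue mints a test certificate (constructed data); parent == nil yields a
// self-signed root.
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{"example.test"} // hypothetical hostname
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// checkPins models the rule the thread describes: validate the chain against
// the trust store first; then require a pinned SPKI somewhere in the chain,
// unless the chain terminates at a root that was added locally (by the user
// or the IT department), in which case pins are not enforced.
func checkPins(leaf *x509.Certificate, roots *x509.CertPool, localRoots, pins map[string]bool) PinResult {
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: "example.test"})
	if err != nil {
		return ChainInvalid // the "more usual" browser error
	}
	chain := chains[0] // leaf first, trust anchor last
	if localRoots[spkiPin(chain[len(chain)-1])] {
		return PinBypassed
	}
	for _, c := range chain {
		if pins[spkiPin(c)] {
			return PinOK
		}
	}
	return PinMismatch // chain is trusted but the 'wrong' certificate was seen
}

// Scenario builds the three roots and reports how a pinned site checks out
// under each, so the cases from the thread can be compared side by side.
func Scenario() map[string]PinResult {
	publicRoot, publicKey := issue("Public Root CA", true, nil, nil)
	corpRoot, corpKey := issue("Corporate Filtering CA", true, nil, nil)
	rogueRoot, rogueKey := issue("Untrusted CA", true, nil, nil)

	roots := x509.NewCertPool()
	roots.AddCert(publicRoot)
	roots.AddCert(corpRoot) // installed by IT, so present in the trust store
	pins := map[string]bool{spkiPin(publicRoot): true}
	local := map[string]bool{spkiPin(corpRoot): true}

	viaPublic, _ := issue("example.test", false, publicRoot, publicKey)
	viaCorp, _ := issue("example.test", false, corpRoot, corpKey)
	viaRogue, _ := issue("example.test", false, rogueRoot, rogueKey)

	return map[string]PinResult{
		"genuine chain":                     checkPins(viaPublic, roots, nil, pins),
		"filtered, root marked as local":    checkPins(viaCorp, roots, local, pins),
		"filtered, root treated as public":  checkPins(viaCorp, roots, nil, pins),
		"filtered, root not in trust store": checkPins(viaRogue, roots, nil, pins),
	}
}

func main() {
	for name, r := range Scenario() {
		fmt.Printf("%-36s %s\n", name, r)
	}
}
```

The third case is the one in the thread: a filtering proxy's chain that the trust store accepts but that carries none of the pinned keys produces the pin-specific error rather than a plain validation failure, while marking the proxy's root as locally added turns that into a bypass.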


