[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] first using bridge then become bridge (On chinese SSL MITM)

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] first using bridge then become bridge (On chinese SSL MITM)
From: "Fabio Pietrosanti (naif)" <lists@xxxxxxxxxxxxxxx>
Date: Wed, 09 Mar 2011 15:21:40 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 09 Mar 2011 09:21:57 -0500
In-reply-to: <4D778727.1070007@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for support and questions about running Tor relays \(exit, non-exit, bridge\)." <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <4D7645B4.3050502@xxxxxxxxx> <4D7750B9.9050009@xxxxxxxxxxxxxxx> <4D777C68.90104@xxxxxxxxx> <4D7783C6.9080706@xxxxxxxxxxxxxxx> <4D778727.1070007@xxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7

On 3/9/11 2:56 PM, Lorenz Kirchner wrote:
>> This this:
>> https://sites.google.com/a/infosecurity.ch/testst/
>>
> no, same problem
> 
> ...connection interrupted...

Sounds interesting that they are doing SSL MiTM probably because they
have control of some rough chinese-government-affiliated CA
certification authority.

May i ask you, being in china, to go https://spreadsheet.google.com and
report via email which are the SSL digital certificate information that
you read?

From Europe i see in the certificate information
SHA1 Fingerprint (last digits are DC:8E:74:12:93)
Serial (last digits are 00:00:22:63)

The Root Certificate have as chain:
EquifaxSecureCA: C = US, O = Equifax, OU = Equifax Secure Certificate
Authority
That signed the Google CA:
GoogleInternetAuthority: C = US, O = Google Inc, CN = Google Internet
Authority

What do you see with your browser related to the digital certificate
parameters?

Maybe we can find which are the rough CA with which they can do Deep
Packet Inspection?

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] first using bridge then become bridge (On chinese SSL MITM)
  - From: Lorenz Kirchner

References:
- [tor-relays] first using bridge then become bridge
  - From: Lorenz Kirchner
- Re: [tor-relays] first using bridge then become bridge
  - From: Fabio Pietrosanti (naif)
- Re: [tor-relays] first using bridge then become bridge
  - From: Lorenz Kirchner
- Re: [tor-relays] first using bridge then become bridge
  - From: Fabio Pietrosanti (naif)
- Re: [tor-relays] first using bridge then become bridge
  - From: Lorenz Kirchner

Prev by Author: Re: [tor-relays] first using bridge then become bridge
Next by Author: Re: [tor-relays] Network Scan through Tor Exit Node (Port 80)
Previous by thread: Re: [tor-relays] first using bridge then become bridge
Next by thread: Re: [tor-relays] first using bridge then become bridge (On chinese SSL MITM)
Index(es):
- Author
- Thread