A workplace installs custom certificates on personal devices, can this be used to decrypt HTTPS traffic?Corporate computers have own corporation's cert as trusted CA; should I consider all traffic compromised?Is it possible for corporation to intercept and decrypt SSL/TLS traffic?ECDHE_RSA and gmailWhy not use client certificates for premaster key generationIt is possible to decrypt HTTPS traffic when a man in the middle proxy is already in place?Details of TLS certificate verificationUnderstanding SSL man-in-the-middle and its limitationsCan a wifi router decrypt SSL/TLS information?Doubts about tls handshakeDecrypt TLS trafficStorage of certificates and keys in hardware security modules (Use-case TLS)Publishing a private key used for HTTPS certificates, is it ever OK?

Bob has never been a M before

Partial sums of primes

Science Fiction story where a man invents a machine that can help him watch history unfold

Is exact Kanji stroke length important?

Do all polymers contain either carbon or silicon?

Resetting two CD4017 counters simultaneously, only one resets

How can I raise concerns with a new DM about XP splitting?

I2C signal and power over long range (10meter cable)

Taylor series of product of two functions

Organic chemistry Iodoform Reaction

Stereotypical names

Giant Toughroad SLR 2 for 200 miles in two days, will it make it?

No idea how to draw this using tikz

Can the electrostatic force be infinite in magnitude?

Java - What do constructor type arguments mean when placed *before* the type?

"lassen" in meaning "sich fassen"

Could solar power be utilized and substitute coal in the 19th century?

What does the "3am" section means in manpages?

Greatest common substring

My boss asked me to take a one-day class, then signs it up as a day off

Proving by induction of n. Is this correct until this point?

How to deal with or prevent idle in the test team?

Who must act to prevent Brexit on March 29th?

Is there a good way to store credentials outside of a password manager?



A workplace installs custom certificates on personal devices, can this be used to decrypt HTTPS traffic?


Corporate computers have own corporation's cert as trusted CA; should I consider all traffic compromised?Is it possible for corporation to intercept and decrypt SSL/TLS traffic?ECDHE_RSA and gmailWhy not use client certificates for premaster key generationIt is possible to decrypt HTTPS traffic when a man in the middle proxy is already in place?Details of TLS certificate verificationUnderstanding SSL man-in-the-middle and its limitationsCan a wifi router decrypt SSL/TLS information?Doubts about tls handshakeDecrypt TLS trafficStorage of certificates and keys in hardware security modules (Use-case TLS)Publishing a private key used for HTTPS certificates, is it ever OK?













7















So another engineer buddy of mine and I were having a drink the other night. He mentioned that you're allowed to use personal devices on the office wifi, but that they install a custom certificate so they can MITM your traffic.



Neither of us are security experts, but I know a little bit about the HTTP/TLS handshake protocol to question whether this is the case.



As far as I understand it (please forgive me if I butcher it):



  • Client-Server initiate handshake, and exchange certificate from signing authority + public key + random string.


  • Public key is used to decrypt a random string of characters, which is fed into a hashing algorithm and reveals a private key.


  • Private key is used to decrypt the traffic that follows


We were reading this article, about how companies sometimes install certificates to decrypt outgoing traffic.



If the blog-post case is true, then how does this work? Would they get the private key using their trusted-root all uses certificate? Assuming that works, that covers the windows use-case, but what about other platforms like OSX/iOS, linux, BSD etc.?



Are there other approaches that I'm not considering, where a certificate install could be used to MitM?










share|improve this question






















  • What certificates did he install? Was it a root CA certificate? It could have just been a certificate to authenticate the radius server which is used to authorize access to the wifi. Different certificates do different tasks.

    – Daisetsu
    7 hours ago











  • I don't think he installed anything. I think his workplace was being pretty transparent about what the cert is for - we're just trying to understand if it's possible or if they're making an empty threat.

    – Scuba Steve
    7 hours ago











  • We both honestly don't care about the implications, we're really just trying to understand the scenario, because we're nerds.

    – Scuba Steve
    6 hours ago






  • 1





    Oh, I see. Yes that is possible and it's not rare. They're called TLS interception proxies.

    – Daisetsu
    6 hours ago






  • 1





    tlseminar.github.io/tls-interception look at the section titled "How SSL/TLS interception works"

    – Daisetsu
    6 hours ago















7















So another engineer buddy of mine and I were having a drink the other night. He mentioned that you're allowed to use personal devices on the office wifi, but that they install a custom certificate so they can MITM your traffic.



Neither of us are security experts, but I know a little bit about the HTTP/TLS handshake protocol to question whether this is the case.



As far as I understand it (please forgive me if I butcher it):



  • Client-Server initiate handshake, and exchange certificate from signing authority + public key + random string.


  • Public key is used to decrypt a random string of characters, which is fed into a hashing algorithm and reveals a private key.


  • Private key is used to decrypt the traffic that follows


We were reading this article, about how companies sometimes install certificates to decrypt outgoing traffic.



If the blog-post case is true, then how does this work? Would they get the private key using their trusted-root all uses certificate? Assuming that works, that covers the windows use-case, but what about other platforms like OSX/iOS, linux, BSD etc.?



Are there other approaches that I'm not considering, where a certificate install could be used to MitM?










share|improve this question






















  • What certificates did he install? Was it a root CA certificate? It could have just been a certificate to authenticate the radius server which is used to authorize access to the wifi. Different certificates do different tasks.

    – Daisetsu
    7 hours ago











  • I don't think he installed anything. I think his workplace was being pretty transparent about what the cert is for - we're just trying to understand if it's possible or if they're making an empty threat.

    – Scuba Steve
    7 hours ago











  • We both honestly don't care about the implications, we're really just trying to understand the scenario, because we're nerds.

    – Scuba Steve
    6 hours ago






  • 1





    Oh, I see. Yes that is possible and it's not rare. They're called TLS interception proxies.

    – Daisetsu
    6 hours ago






  • 1





    tlseminar.github.io/tls-interception look at the section titled "How SSL/TLS interception works"

    – Daisetsu
    6 hours ago













7












7








7








So another engineer buddy of mine and I were having a drink the other night. He mentioned that you're allowed to use personal devices on the office wifi, but that they install a custom certificate so they can MITM your traffic.



Neither of us are security experts, but I know a little bit about the HTTP/TLS handshake protocol to question whether this is the case.



As far as I understand it (please forgive me if I butcher it):



  • Client-Server initiate handshake, and exchange certificate from signing authority + public key + random string.


  • Public key is used to decrypt a random string of characters, which is fed into a hashing algorithm and reveals a private key.


  • Private key is used to decrypt the traffic that follows


We were reading this article, about how companies sometimes install certificates to decrypt outgoing traffic.



If the blog-post case is true, then how does this work? Would they get the private key using their trusted-root all uses certificate? Assuming that works, that covers the windows use-case, but what about other platforms like OSX/iOS, linux, BSD etc.?



Are there other approaches that I'm not considering, where a certificate install could be used to MitM?










share|improve this question














So another engineer buddy of mine and I were having a drink the other night. He mentioned that you're allowed to use personal devices on the office wifi, but that they install a custom certificate so they can MITM your traffic.



Neither of us are security experts, but I know a little bit about the HTTP/TLS handshake protocol to question whether this is the case.



As far as I understand it (please forgive me if I butcher it):



  • Client-Server initiate handshake, and exchange certificate from signing authority + public key + random string.


  • Public key is used to decrypt a random string of characters, which is fed into a hashing algorithm and reveals a private key.


  • Private key is used to decrypt the traffic that follows


We were reading this article, about how companies sometimes install certificates to decrypt outgoing traffic.



If the blog-post case is true, then how does this work? Would they get the private key using their trusted-root all uses certificate? Assuming that works, that covers the windows use-case, but what about other platforms like OSX/iOS, linux, BSD etc.?



Are there other approaches that I'm not considering, where a certificate install could be used to MitM?







tls certificates






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked 7 hours ago









Scuba SteveScuba Steve

1636




1636












  • What certificates did he install? Was it a root CA certificate? It could have just been a certificate to authenticate the radius server which is used to authorize access to the wifi. Different certificates do different tasks.

    – Daisetsu
    7 hours ago











  • I don't think he installed anything. I think his workplace was being pretty transparent about what the cert is for - we're just trying to understand if it's possible or if they're making an empty threat.

    – Scuba Steve
    7 hours ago











  • We both honestly don't care about the implications, we're really just trying to understand the scenario, because we're nerds.

    – Scuba Steve
    6 hours ago






  • 1





    Oh, I see. Yes that is possible and it's not rare. They're called TLS interception proxies.

    – Daisetsu
    6 hours ago






  • 1





    tlseminar.github.io/tls-interception look at the section titled "How SSL/TLS interception works"

    – Daisetsu
    6 hours ago

















  • What certificates did he install? Was it a root CA certificate? It could have just been a certificate to authenticate the radius server which is used to authorize access to the wifi. Different certificates do different tasks.

    – Daisetsu
    7 hours ago











  • I don't think he installed anything. I think his workplace was being pretty transparent about what the cert is for - we're just trying to understand if it's possible or if they're making an empty threat.

    – Scuba Steve
    7 hours ago











  • We both honestly don't care about the implications, we're really just trying to understand the scenario, because we're nerds.

    – Scuba Steve
    6 hours ago






  • 1





    Oh, I see. Yes that is possible and it's not rare. They're called TLS interception proxies.

    – Daisetsu
    6 hours ago






  • 1





    tlseminar.github.io/tls-interception look at the section titled "How SSL/TLS interception works"

    – Daisetsu
    6 hours ago
















What certificates did he install? Was it a root CA certificate? It could have just been a certificate to authenticate the radius server which is used to authorize access to the wifi. Different certificates do different tasks.

– Daisetsu
7 hours ago





What certificates did he install? Was it a root CA certificate? It could have just been a certificate to authenticate the radius server which is used to authorize access to the wifi. Different certificates do different tasks.

– Daisetsu
7 hours ago













I don't think he installed anything. I think his workplace was being pretty transparent about what the cert is for - we're just trying to understand if it's possible or if they're making an empty threat.

– Scuba Steve
7 hours ago





I don't think he installed anything. I think his workplace was being pretty transparent about what the cert is for - we're just trying to understand if it's possible or if they're making an empty threat.

– Scuba Steve
7 hours ago













We both honestly don't care about the implications, we're really just trying to understand the scenario, because we're nerds.

– Scuba Steve
6 hours ago





We both honestly don't care about the implications, we're really just trying to understand the scenario, because we're nerds.

– Scuba Steve
6 hours ago




1




1





Oh, I see. Yes that is possible and it's not rare. They're called TLS interception proxies.

– Daisetsu
6 hours ago





Oh, I see. Yes that is possible and it's not rare. They're called TLS interception proxies.

– Daisetsu
6 hours ago




1




1





tlseminar.github.io/tls-interception look at the section titled "How SSL/TLS interception works"

– Daisetsu
6 hours ago





tlseminar.github.io/tls-interception look at the section titled "How SSL/TLS interception works"

– Daisetsu
6 hours ago










1 Answer
1






active

oldest

votes


















14














Yes, they can MitM the traffic this way, using an internal certificate authority. There are two primary ways in which the MitM can work.



The first is to simply turn the edge gateway into a proxy, whereby TLS connections are made from the gateway to the server, and the gateway then generates server certificates on the fly from an internal CA in order to impersonate the remote server. Your system trusts the CA, so it trusts the server certificate.



The second is a slightly different take on the first. The gateway proxies the traffic similarly to the first method, except it only advertises static RSA cipher suites to the remote server. The reason for doing this is performance. With a static RSA key exchange (i.e. not Diffie-Hellman) the gateway can split the handshake as before in order to provide the client with a certificate generated via the internal CA, but instead of decrypting the content on the gateway and then re-encrypting it before proxying, it simply passes the same session key between the client and server. This way the gateway only has to decrypt the traffic once, using the captured session key, and never needs to re-encrypt it in order to proxy the traffic between client and server. This trick no longer works in TLS 1.3 as static RSA key exchange was removed.



Generally speaking this kind of TLS inspection is fairly commonplace in large organisations, particularly financials. Deploying it on BYOD devices is somewhat common, although you should consider the privacy and security implications that might arise from installing your company's internal CA certificate on your device. You need to ask yourself whether you trust that your IT security team is likely to be able to protect the signing keys, because if not then your device is liable to be MitM'ed by an attacker.






share|improve this answer























  • " You need to ask yourself whether you trust that your IT security team is likely to be able to protect the signing keys." Yes exactly, I had the same thought myself.

    – Scuba Steve
    6 hours ago






  • 10





    As an aside, I once assessed a TLS inspection gateway product which re-signed all HTTPS connections using the internal CA, even if the remote certificate was invalid. This allowed for a particularly effective phishing campaign in which we impersonated the company intranet and had our phishing domain automagically signed by the company CA. I suggest that you check for this vulnerability yourself by trying to visit a site which you know has an invalid (e.g. expired, or incorrect domain) certificate and seeing if the connection succeeds.

    – Polynomial
    6 hours ago












  • Amazing! I feel like pen-testing is a missed calling.

    – Scuba Steve
    6 hours ago






  • 1





    FWIW even if 1.3 would allow static-RSA, it changes the key derivation to include the whole handshake (not just premaster+nonces) and MITM couldn't make those equal. This is similar to rfc7627 which fixes 'triple handshake' for 1.2, except that is optional and so MITM can force it off.

    – dave_thompson_085
    6 hours ago











Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f206103%2fa-workplace-installs-custom-certificates-on-personal-devices-can-this-be-used-t%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









14














Yes, they can MitM the traffic this way, using an internal certificate authority. There are two primary ways in which the MitM can work.



The first is to simply turn the edge gateway into a proxy, whereby TLS connections are made from the gateway to the server, and the gateway then generates server certificates on the fly from an internal CA in order to impersonate the remote server. Your system trusts the CA, so it trusts the server certificate.



The second is a slightly different take on the first. The gateway proxies the traffic similarly to the first method, except it only advertises static RSA cipher suites to the remote server. The reason for doing this is performance. With a static RSA key exchange (i.e. not Diffie-Hellman) the gateway can split the handshake as before in order to provide the client with a certificate generated via the internal CA, but instead of decrypting the content on the gateway and then re-encrypting it before proxying, it simply passes the same session key between the client and server. This way the gateway only has to decrypt the traffic once, using the captured session key, and never needs to re-encrypt it in order to proxy the traffic between client and server. This trick no longer works in TLS 1.3 as static RSA key exchange was removed.



Generally speaking this kind of TLS inspection is fairly commonplace in large organisations, particularly financials. Deploying it on BYOD devices is somewhat common, although you should consider the privacy and security implications that might arise from installing your company's internal CA certificate on your device. You need to ask yourself whether you trust that your IT security team is likely to be able to protect the signing keys, because if not then your device is liable to be MitM'ed by an attacker.






share|improve this answer























  • " You need to ask yourself whether you trust that your IT security team is likely to be able to protect the signing keys." Yes exactly, I had the same thought myself.

    – Scuba Steve
    6 hours ago






  • 10





    As an aside, I once assessed a TLS inspection gateway product which re-signed all HTTPS connections using the internal CA, even if the remote certificate was invalid. This allowed for a particularly effective phishing campaign in which we impersonated the company intranet and had our phishing domain automagically signed by the company CA. I suggest that you check for this vulnerability yourself by trying to visit a site which you know has an invalid (e.g. expired, or incorrect domain) certificate and seeing if the connection succeeds.

    – Polynomial
    6 hours ago












  • Amazing! I feel like pen-testing is a missed calling.

    – Scuba Steve
    6 hours ago






  • 1





    FWIW even if 1.3 would allow static-RSA, it changes the key derivation to include the whole handshake (not just premaster+nonces) and MITM couldn't make those equal. This is similar to rfc7627 which fixes 'triple handshake' for 1.2, except that is optional and so MITM can force it off.

    – dave_thompson_085
    6 hours ago
















14














Yes, they can MitM the traffic this way, using an internal certificate authority. There are two primary ways in which the MitM can work.



The first is to simply turn the edge gateway into a proxy, whereby TLS connections are made from the gateway to the server, and the gateway then generates server certificates on the fly from an internal CA in order to impersonate the remote server. Your system trusts the CA, so it trusts the server certificate.



The second is a slightly different take on the first. The gateway proxies the traffic similarly to the first method, except it only advertises static RSA cipher suites to the remote server. The reason for doing this is performance. With a static RSA key exchange (i.e. not Diffie-Hellman) the gateway can split the handshake as before in order to provide the client with a certificate generated via the internal CA, but instead of decrypting the content on the gateway and then re-encrypting it before proxying, it simply passes the same session key between the client and server. This way the gateway only has to decrypt the traffic once, using the captured session key, and never needs to re-encrypt it in order to proxy the traffic between client and server. This trick no longer works in TLS 1.3 as static RSA key exchange was removed.



Generally speaking this kind of TLS inspection is fairly commonplace in large organisations, particularly financials. Deploying it on BYOD devices is somewhat common, although you should consider the privacy and security implications that might arise from installing your company's internal CA certificate on your device. You need to ask yourself whether you trust that your IT security team is likely to be able to protect the signing keys, because if not then your device is liable to be MitM'ed by an attacker.






share|improve this answer























  • " You need to ask yourself whether you trust that your IT security team is likely to be able to protect the signing keys." Yes exactly, I had the same thought myself.

    – Scuba Steve
    6 hours ago






  • 10





    As an aside, I once assessed a TLS inspection gateway product which re-signed all HTTPS connections using the internal CA, even if the remote certificate was invalid. This allowed for a particularly effective phishing campaign in which we impersonated the company intranet and had our phishing domain automagically signed by the company CA. I suggest that you check for this vulnerability yourself by trying to visit a site which you know has an invalid (e.g. expired, or incorrect domain) certificate and seeing if the connection succeeds.

    – Polynomial
    6 hours ago












  • Amazing! I feel like pen-testing is a missed calling.

    – Scuba Steve
    6 hours ago






  • 1





    FWIW even if 1.3 would allow static-RSA, it changes the key derivation to include the whole handshake (not just premaster+nonces) and MITM couldn't make those equal. This is similar to rfc7627 which fixes 'triple handshake' for 1.2, except that is optional and so MITM can force it off.

    – dave_thompson_085
    6 hours ago














14












14








14







Yes, they can MitM the traffic this way, using an internal certificate authority. There are two primary ways in which the MitM can work.



The first is to simply turn the edge gateway into a proxy, whereby TLS connections are made from the gateway to the server, and the gateway then generates server certificates on the fly from an internal CA in order to impersonate the remote server. Your system trusts the CA, so it trusts the server certificate.



The second is a slightly different take on the first. The gateway proxies the traffic similarly to the first method, except it only advertises static RSA cipher suites to the remote server. The reason for doing this is performance. With a static RSA key exchange (i.e. not Diffie-Hellman) the gateway can split the handshake as before in order to provide the client with a certificate generated via the internal CA, but instead of decrypting the content on the gateway and then re-encrypting it before proxying, it simply passes the same session key between the client and server. This way the gateway only has to decrypt the traffic once, using the captured session key, and never needs to re-encrypt it in order to proxy the traffic between client and server. This trick no longer works in TLS 1.3 as static RSA key exchange was removed.



Generally speaking this kind of TLS inspection is fairly commonplace in large organisations, particularly financials. Deploying it on BYOD devices is somewhat common, although you should consider the privacy and security implications that might arise from installing your company's internal CA certificate on your device. You need to ask yourself whether you trust that your IT security team is likely to be able to protect the signing keys, because if not then your device is liable to be MitM'ed by an attacker.






share|improve this answer













Yes, they can MitM the traffic this way, using an internal certificate authority. There are two primary ways in which the MitM can work.



The first is to simply turn the edge gateway into a proxy, whereby TLS connections are made from the gateway to the server, and the gateway then generates server certificates on the fly from an internal CA in order to impersonate the remote server. Your system trusts the CA, so it trusts the server certificate.



The second is a slightly different take on the first. The gateway proxies the traffic similarly to the first method, except it only advertises static RSA cipher suites to the remote server. The reason for doing this is performance. With a static RSA key exchange (i.e. not Diffie-Hellman) the gateway can split the handshake as before in order to provide the client with a certificate generated via the internal CA, but instead of decrypting the content on the gateway and then re-encrypting it before proxying, it simply passes the same session key between the client and server. This way the gateway only has to decrypt the traffic once, using the captured session key, and never needs to re-encrypt it in order to proxy the traffic between client and server. This trick no longer works in TLS 1.3 as static RSA key exchange was removed.



Generally speaking this kind of TLS inspection is fairly commonplace in large organisations, particularly financials. Deploying it on BYOD devices is somewhat common, although you should consider the privacy and security implications that might arise from installing your company's internal CA certificate on your device. You need to ask yourself whether you trust that your IT security team is likely to be able to protect the signing keys, because if not then your device is liable to be MitM'ed by an attacker.







share|improve this answer












share|improve this answer



share|improve this answer










answered 6 hours ago









PolynomialPolynomial

101k32249342




101k32249342












  • " You need to ask yourself whether you trust that your IT security team is likely to be able to protect the signing keys." Yes exactly, I had the same thought myself.

    – Scuba Steve
    6 hours ago






  • 10





    As an aside, I once assessed a TLS inspection gateway product which re-signed all HTTPS connections using the internal CA, even if the remote certificate was invalid. This allowed for a particularly effective phishing campaign in which we impersonated the company intranet and had our phishing domain automagically signed by the company CA. I suggest that you check for this vulnerability yourself by trying to visit a site which you know has an invalid (e.g. expired, or incorrect domain) certificate and seeing if the connection succeeds.

    – Polynomial
    6 hours ago












  • Amazing! I feel like pen-testing is a missed calling.

    – Scuba Steve
    6 hours ago






  • 1





    FWIW even if 1.3 would allow static-RSA, it changes the key derivation to include the whole handshake (not just premaster+nonces) and MITM couldn't make those equal. This is similar to rfc7627 which fixes 'triple handshake' for 1.2, except that is optional and so MITM can force it off.

    – dave_thompson_085
    6 hours ago


















  • " You need to ask yourself whether you trust that your IT security team is likely to be able to protect the signing keys." Yes exactly, I had the same thought myself.

    – Scuba Steve
    6 hours ago






  • 10





    As an aside, I once assessed a TLS inspection gateway product which re-signed all HTTPS connections using the internal CA, even if the remote certificate was invalid. This allowed for a particularly effective phishing campaign in which we impersonated the company intranet and had our phishing domain automagically signed by the company CA. I suggest that you check for this vulnerability yourself by trying to visit a site which you know has an invalid (e.g. expired, or incorrect domain) certificate and seeing if the connection succeeds.

    – Polynomial
    6 hours ago












  • Amazing! I feel like pen-testing is a missed calling.

    – Scuba Steve
    6 hours ago






  • 1





    FWIW even if 1.3 would allow static-RSA, it changes the key derivation to include the whole handshake (not just premaster+nonces) and MITM couldn't make those equal. This is similar to rfc7627 which fixes 'triple handshake' for 1.2, except that is optional and so MITM can force it off.

    – dave_thompson_085
    6 hours ago

















" You need to ask yourself whether you trust that your IT security team is likely to be able to protect the signing keys." Yes exactly, I had the same thought myself.

– Scuba Steve
6 hours ago





" You need to ask yourself whether you trust that your IT security team is likely to be able to protect the signing keys." Yes exactly, I had the same thought myself.

– Scuba Steve
6 hours ago




10




10





As an aside, I once assessed a TLS inspection gateway product which re-signed all HTTPS connections using the internal CA, even if the remote certificate was invalid. This allowed for a particularly effective phishing campaign in which we impersonated the company intranet and had our phishing domain automagically signed by the company CA. I suggest that you check for this vulnerability yourself by trying to visit a site which you know has an invalid (e.g. expired, or incorrect domain) certificate and seeing if the connection succeeds.

– Polynomial
6 hours ago






As an aside, I once assessed a TLS inspection gateway product which re-signed all HTTPS connections using the internal CA, even if the remote certificate was invalid. This allowed for a particularly effective phishing campaign in which we impersonated the company intranet and had our phishing domain automagically signed by the company CA. I suggest that you check for this vulnerability yourself by trying to visit a site which you know has an invalid (e.g. expired, or incorrect domain) certificate and seeing if the connection succeeds.

– Polynomial
6 hours ago














Amazing! I feel like pen-testing is a missed calling.

– Scuba Steve
6 hours ago





Amazing! I feel like pen-testing is a missed calling.

– Scuba Steve
6 hours ago




1




1





FWIW even if 1.3 would allow static-RSA, it changes the key derivation to include the whole handshake (not just premaster+nonces) and MITM couldn't make those equal. This is similar to rfc7627 which fixes 'triple handshake' for 1.2, except that is optional and so MITM can force it off.

– dave_thompson_085
6 hours ago






FWIW even if 1.3 would allow static-RSA, it changes the key derivation to include the whole handshake (not just premaster+nonces) and MITM couldn't make those equal. This is similar to rfc7627 which fixes 'triple handshake' for 1.2, except that is optional and so MITM can force it off.

– dave_thompson_085
6 hours ago


















draft saved

draft discarded
















































Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f206103%2fa-workplace-installs-custom-certificates-on-personal-devices-can-this-be-used-t%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

How to create a command for the “strange m” symbol in latex? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)How do you make your own symbol when Detexify fails?Writing bold small caps with mathpazo packageplus-minus symbol with parenthesis around the minus signGreek character in Beamer document titleHow to create dashed right arrow over symbol?Currency symbol: Turkish LiraDouble prec as a single symbol?Plus Sign Too Big; How to Call adfbullet?Is there a TeX macro for three-legged pi?How do I get my integral-like symbol to align like the integral?How to selectively substitute a letter with another symbol representing the same letterHow do I generate a less than symbol and vertical bar that are the same height?

Българска екзархия Съдържание История | Български екзарси | Вижте също | Външни препратки | Литература | Бележки | НавигацияУстав за управлението на българската екзархия. Цариград, 1870Слово на Ловешкия митрополит Иларион при откриването на Българския народен събор в Цариград на 23. II. 1870 г.Българската правда и гръцката кривда. От С. М. (= Софийски Мелетий). Цариград, 1872Предстоятели на Българската екзархияПодмененият ВеликденИнформационна агенция „Фокус“Димитър Ризов. Българите в техните исторически, етнографически и политически граници (Атлас съдържащ 40 карти). Berlin, Königliche Hoflithographie, Hof-Buch- und -Steindruckerei Wilhelm Greve, 1917Report of the International Commission to Inquire into the Causes and Conduct of the Balkan Wars

Чепеларе Съдържание География | История | Население | Спортни и природни забележителности | Културни и исторически обекти | Религии | Обществени институции | Известни личности | Редовни събития | Галерия | Източници | Литература | Външни препратки | Навигация41°43′23.99″ с. ш. 24°41′09.99″ и. д. / 41.723333° с. ш. 24.686111° и. д.*ЧепелареЧепеларски Linux fest 2002Начало на Зимен сезон 2005/06Национални хайдушки празници „Капитан Петко Войвода“Град ЧепелареЧепеларе – народният ски курортbgrod.orgwww.terranatura.hit.bgСправка за населението на гр. Исперих, общ. Исперих, обл. РазградМузей на родопския карстМузей на спорта и скитеЧепеларебългарскибългарскианглийскитукИстория на градаСки писти в ЧепелареВремето в ЧепелареРадио и телевизия в ЧепелареЧепеларе мами с родопски чар и добри пистиЕвтин туризъм и снежни атракции в ЧепелареМестоположениеИнформация и снимки от музея на родопския карст3D панорами от ЧепелареЧепелареррр