On 25/06/15 12:38, Deryck Chan wrote:
> Hi ambassadors,
> Recently Wikimedia sites switched to https-only for privacy reasons, and
> the https certificate has been updated to prevent access altogether
> where a secure connection couldn't be established.
> This is a problem because some schools and companies deliberately
> eavesdrop https for monitoring purposes by inserting an in-house https
> certificate. Wikimedia's switch to https-only is preventing people from
> such networks from even *reading* Wikipedia.
> Is there a compromise that can be sought?

If their in-house https certificate is installed locally in the client
browsers, they will be able to continue snooping into the connections.
How did they manage to eavesdrop in e.g. bank webpages before?
Not our fault. They haven't properly configured their MITM solution.
Note that locally installing the certificate is precisely what
differentiates (from the browser POV) a legitimate MITM (acknowledged by
the user) and a malicious one.
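The trust-store point in the reply above, reproduced with OpenSSL as an added example that is not part of the original thread or of any Wikimedia or school deployment. It builds two throwaway CAs (a stand-in for the browser's default "public" root store and a constructed "Corp Interception CA"), issues an interception certificate for en.wikipedia.org from the corporate CA, and then shows that the leaf verifies only when the corporate CA has been added to the store the client trusts. All CA names, file names and the WORK directory are constructed for the demo.

```sh
#!/bin/sh
# Added example (not from the original mailing-list thread): show with
# OpenSSL why an interception certificate is accepted only after the
# in-house CA has been installed in the client's trust store.
# Every CA, key and file name here is constructed for the demo.
set -u
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# 1. A self-signed "public" root, standing in for the browser's default store.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
  -subj "/CN=Public Root CA (demo)" \
  -keyout public-ca.key -out public-ca.crt >/dev/null 2>&1

# 2. The school/company's in-house interception CA (constructed).
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
  -subj "/CN=Corp Interception CA (demo)" \
  -keyout corp-ca.key -out corp-ca.crt >/dev/null 2>&1

# 3. The certificate the MITM box presents for Wikipedia, signed by the
#    corporate CA rather than by any public CA.
openssl req -new -newkey rsa:2048 -nodes \
  -subj "/CN=en.wikipedia.org" \
  -keyout leaf.key -out leaf.csr >/dev/null 2>&1
openssl x509 -req -in leaf.csr -days 1 \
  -CA corp-ca.crt -CAkey corp-ca.key -CAcreateserial \
  -out leaf.crt >/dev/null 2>&1

# 4. Two trust stores: the default one, and the same store after the
#    in-house CA has been "installed locally" on the client.
cp public-ca.crt store-default.crt
cat public-ca.crt corp-ca.crt > store-with-corp-ca.crt

# chain_verifies STORE LEAF: exit 0 if LEAF chains to a CA in STORE.
# (openssl verify may also consult the system CA directory, which does
#  not contain the demo CA, so that does not change the outcome.)
chain_verifies() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# issuer_of CERT: print the issuer DN of CERT.
issuer_of() {
  openssl x509 -noout -issuer -in "$1"
}

# Report for the reader: same leaf, different trust stores.
printf 'leaf issuer: %s\n' "$(issuer_of leaf.crt)"
if chain_verifies store-default.crt leaf.crt; then
  echo "default store:        ACCEPTED (unexpected)"
else
  echo "default store:        REJECTED (MITM cert not trusted)"
fi
if chain_verifies store-with-corp-ca.crt leaf.crt; then
  echo "store + corporate CA: ACCEPTED (user-acknowledged MITM)"
else
  echo "store + corporate CA: REJECTED (unexpected)"
fi
```

The second verification is exactly the "properly configured MITM solution" the reply refers to: the interception box has not become more trustworthy, the client has simply been told to trust its CA. Without that step the browser has no way to tell the corporate proxy from an attacker and rejects the connection, which is the behaviour the original message describes.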