On 25/06/15 12:38, Deryck Chan wrote:
Hi ambassadors,
Recently Wikimedia sites switched to https-only for privacy reasons, and the https certificate has been updated to prevent access altogether where a secure connection couldn't be established.
This is a problem because some schools and companies deliberately eavesdrop on https for monitoring purposes by inserting an in-house https certificate. Wikimedia's switch to https-only is preventing people from such networks from even *reading* Wikipedia.
Is there a compromise that can be sought?
If their in-house https certificate is installed locally in the client browsers, they will be able to continue snooping into the connections. How did they manage to eavesdrop on e.g. bank webpages before?
Not our fault. They haven't properly configured their MITM solution. Note that locally installing the certificate is precisely what differentiates (from the browser POV) a legitimate MITM (acknowledged by the user) and a malicious one.