Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] French Government doing SSL MITM

Fabio Pietrosanti (naif) lists at
Sun Dec 8 04:34:56 PST 2013


a very dirty fact happened yesterday that still didn't have the
appropriate attention.

The French Government ANSSI made a MITM against Google SSL/TLS:

Google does not mention who's ANSSI.

ANSSI is the French CyberSecurity agency, closely working with defense
and intelligence agencies:

ANSSI declare that they are generating fake-certificate for the purpose
to inspect SSL traffic:
"ANSSI has found that the intermediate CA certificate was used in a
commercial device, on a private network, to inspect encrypted traffic
with the knowledge of the users on that network. "

Google Detected the MITM and Blocked it:

ANSSI issued a statement that it was a "Human Error" from someone from
the Finance Ministry:

So, the summary of the story can be read as follow:
"A French Governmental Agency working on cybersecure with defense and
intelligence agencies admitted that they are doing SSL MITM and that,
due to a human error, they have been caught"

Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights - -

More information about the liberationtech mailing list