[Ach] filippo on SSL SMTP encryption

Jeroen Massar jeroen at massar.ch
Wed Apr 1 20:43:12 CEST 2015

On 2015-04-01 20:32, Aaron Zauner wrote:
> * Jeroen Massar <jeroen at massar.ch> [01/04/2015 20:13:36] wrote:
>>> I don't think you get the full picture here. Such an adversary has a
>>> /very/ high interest in his work being undetected. If they would be to
>>> massively DoS popular websites with injecting fake headers that would be
>>> noticed immediately. They also can't use these attacks to gain information.
>> You mean like: http://netres.ec/?b=153DB4E ? :)
> So you're suggesting what exactly? That China may inject
> ingress/egress traffic with false HPKP/HSTS header information?

I am heavily hinting that these things are already happening.

Thus that such an attack (injection of anything) is reality.

> Possible but that would be noticed immediately and they'll only DoS
> chinese users of foreign services.

Actually the above attack caused every foreign connection to have the
malicious injection. The local chinese, being inside the firewall, did
not get the injection.


More information about the Ach mailing list