Full disclosure, that's my post, I just thought it would be relevant to your interests. It's deplorable how they're putting tools in place to infringe on the privacy of an entire country using such dangerous tools as _wikipedia_.
It doesn't appear so, the certificates appear to be signed by Cisco, presumably on some kind of dedicated hardware firewall designed to filter - but it's entirely possible that the service is being ran by Cisco and they're generating false certificates on-the-fly as part of the interception.
Seems like a very misconfigured deployment, since no normal mobile user will use third party CA to connect via Three. I don't expect that this is on purpose.
5 comments
[ 2.9 ms ] story [ 22.7 ms ] threadSeems like a very misconfigured deployment, since no normal mobile user will use third party CA to connect via Three. I don't expect that this is on purpose.
When they did them same thing at OpenDNS (https://www.snip2code.com/Snippet/1503745/opendns-is-man-in-...) the certificate was valid only for 3 days: