A brief explanation of Man-In-The-Middle (MITM) interception of Internet traffic
Man-In-The-Middle (MITM) interception of encrypted Transport Layer Security (TLS) Internet traffic is achieved when a proxy server placed between a client and a legitimate remote server impersonates that remote server and relays all HTTPS, IMAPS and/or SMTPS requests and responses between the two, capturing them as they pass through.
The MITM intercepting proxy server pretends to be the server to the client and pretends to be the client to the server, while it sits in the middle decrypting the traffic from both sides.
The intercepting proxy server can do this because it is able to generate TLS certificates signed by a Certification Authority (CA) that the client trusts. One very widely deployed kind of server that could potentially be used as an intercepting MITM proxy for unlawful interception is the Content Delivery Network (CDN) server.
The only way to minimize the risk of unlawful MITM interception of Internet traffic (web pages and sent or received emails) is to limit the set of trusted Certification Authority (CA) certificates to an essential set (see Settings->Security->Trusted Credentials).
Unfortunately, a generic configuration of such an essential set of trusted Certification Authority (CA) certificates cannot be provided by default, because it depends on a number of very specific factors, such as the country, the email service provider and the websites that the user generally visits.
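The two ideas above (a certificate that is valid because it chains to some CA the client happens to trust, and the mitigation of trusting only an essential set of CAs) can be illustrated with a small Python client-side check. The following code is an added example, not code from the original page or from its author: it builds a TLS client context whose trust store is initially empty, so that only CA certificates explicitly loaded from a file are accepted, and it audits the peer certificate (in the dictionary format returned by ssl.SSLSocket.getpeercert()) against an allow-list of expected issuers. The CA name "Example Root CA Ltd", the hostname mail.example.net, the two sample certificate dictionaries and the helper names are all constructed for the example and are not from the page.

```python
"""Added example (not the page's own code): a TLS client that trusts only an
explicit, essential set of CAs and audits the issuer of the peer certificate.

Everything below that names a CA, a host or a certificate is constructed for
illustration; nothing here is a real deployment value.
"""
import ssl

# Constructed "essential set": the organizationName of the CA(s) that really
# issue certificates for the services this client talks to.
ESSENTIAL_ISSUERS = {"Example Root CA Ltd"}  # hypothetical CA name


def restricted_client_context(cafile=None):
    """Return a client SSLContext whose trust store starts out empty.

    Unlike ssl.create_default_context(), SSLContext(PROTOCOL_TLS_CLIENT) does
    not load the operating system's CA bundle, so a server can only be
    validated against the CA certificates loaded from `cafile` (the essential
    set). Hostname checking and mandatory verification are already enabled by
    this protocol constant; they are restated so the intent is explicit.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if cafile is not None:
        ctx.load_verify_locations(cafile=cafile)  # essential CA set only
    return ctx


def trust_store_is_restricted(ctx):
    """True when the context verifies peers but has no CA loaded yet."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname
            and ctx.get_ca_certs() == [])


def _name_field(name, key):
    """Extract one attribute (e.g. 'organizationName') from the
    tuple-of-tuples name structure used by getpeercert()."""
    for rdn in name:
        for attr, value in rdn:
            if attr == key:
                return value
    return None


def issuer_is_essential(peercert, essential=ESSENTIAL_ISSUERS):
    """True if the peer certificate was issued by a CA in the essential set.

    A certificate that chains to some other CA the device happens to trust is
    exactly what an intercepting proxy presents, so it is reported as not
    essential even though generic validation would accept it.
    """
    return _name_field(peercert.get("issuer", ()), "organizationName") in essential


def _san_covers(peercert, host):
    """Check that a DNS subjectAltName entry (exact or one-label wildcard)
    matches the host the client intended to reach."""
    for kind, value in peercert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        if value == host:
            return True
        if value.startswith("*.") and host.split(".", 1)[1:] == [value[2:]]:
            return True
    return False


def audit(peercert, expected_host, essential=ESSENTIAL_ISSUERS):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    if not issuer_is_essential(peercert, essential):
        issuer = _name_field(peercert.get("issuer", ()), "organizationName")
        findings.append("issuer %r is not in the essential CA set" % issuer)
    if not _san_covers(peercert, expected_host):
        findings.append("subjectAltName does not cover %s" % expected_host)
    return findings


# Constructed sample certificates in getpeercert() dictionary format.
LEGITIMATE_CERT = {
    "subject": ((("commonName", "mail.example.net"),),),
    "issuer": ((("organizationName", "Example Root CA Ltd"),),
               (("commonName", "Example Root CA"),)),
    "subjectAltName": (("DNS", "mail.example.net"),),
}
# Same subject and SAN, but signed by another CA the device also trusts.
INTERCEPTED_CERT = {
    "subject": ((("commonName", "mail.example.net"),),),
    "issuer": ((("organizationName", "Some Other Trusted CA Inc"),),
               (("commonName", "Some Other Trusted CA G2"),)),
    "subjectAltName": (("DNS", "mail.example.net"),),
}

if __name__ == "__main__":
    for label, cert in (("legitimate", LEGITIMATE_CERT),
                        ("intercepted", INTERCEPTED_CERT)):
        print(label, audit(cert, "mail.example.net") or "OK")
    # Real use: ctx = restricted_client_context("essential-cas.pem") and then
    # ctx.wrap_socket(sock, server_hostname=host).getpeercert() -> audit(...)
```

The audit deliberately treats "valid but signed by the wrong CA" as a finding, because that is the case the generic validation in the TLS library cannot distinguish from a genuine server; the restricted context turns that finding into a hard handshake failure by never loading the other CAs in the first place.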
eIDAS, a digital certification scheme recently introduced in the European Union (EU), gives any State agency of any EU member State the potential ability to intercept the Internet traffic of citizens of other EU member States in any EU member State: see the Amendments proposed in 2022 to EU Regulation 910/2014 and the eIDAS Open Letter.
Copyright © 2024-2025 Guido Trentalancia. All rights reserved.