[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)
James A. Donald
jamesd at echeque.com
Thu Dec 1 02:45:31 EST 2011
On 2011-12-01 2:03 PM, ianG wrote:
> If a CA is issuing sub-CAs for the purpose of MITMing, is this a reason
> to reset the entire CA? Or is it ok to do MITMing under certain nice
> circumstances?
It seems our CA system has come to resemble our audit system and our
financial system.
In very white rural areas, you will see stuff for sale on an honor
system. Go in, help yourself, and put the money in the box. Where I
now live, people often leave their house without locking the door behind
them. That is how "rednecks" behave.
As the community becomes more vibrant and diverse the high level of
trust required for western institutions makes those institutions non
viable. We have to reconstruct our institutions for third world trust
levels and southern European trust levels. Institutions characteristic
of Europe and the old North America are no longer capable of
functioning, have not been capable of functioning for some time.
On the other hand, a paranoid environment, where everything has to be
locked, and every claim has to be provable, is good business for
cryptographers. One can create institutions that will function well in
such an environment, it is just trickier.
More information about the cryptography
mailing list