[cryptography] if MitM via sub-CA is going on, need a name-and-shame catalog (Re: really sub-CAs for MitM deep packet inspectors?)
James A. Donald
jamesd at echeque.com
Fri Dec 2 14:33:03 EST 2011
That vast numbers of private label CAs exist that could perform man in
the middle attacks is disturbing, but not newsworthy.
That some pseudonymous guy on the internet says that they do perform man
in the middle attacks is disturbing, but not newsworthy.
Proof of a man in the middle attack, in the form of a certificate chain
wherein a private label ca issues a certificate for an outside domain
name, would be newsworthy, would be a big step towards replacing PKI.
More information about the cryptography