[cryptography] if MitM via sub-CA is going on, need a name-and-shame catalog (Re: really sub-CAs for MitM deep packet inspectors?)

James A. Donald jamesd at echeque.com
Fri Dec 2 14:33:03 EST 2011


That vast numbers of private label CAs exist that could perform man in 
the middle attacks is disturbing, but not newsworthy.

That some pseudonymous guy on the internet says that they do perform man 
in the middle attacks is disturbing, but not newsworthy.

Proof of a man in the middle attack, in the form of a certificate chain 
wherein a private label CA issues a certificate for an outside domain 
name, would be newsworthy, would be a big step towards replacing PKI.



