[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

Jon Callas jon at callas.org
Thu Dec 1 01:28:05 EST 2011


On Nov 30, 2011, at 9:32 PM, Rose, Greg wrote:

> I run a wonderful Firefox extension called Certificate Patrol. It keeps a local cache of certificates, and warns you if a certificate, CA, or public key changes unexpectedly. Sort of like SSH meets TLS. As soon as I went to my stockbroker's web site, the warnings started to appear. Then it was just checking IP addresses and stuff.

And I presume you didn't save the cert.

Of course, we just need to have people look for these and then save them.

	Jon




More information about the cryptography mailing list