[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

James A. Donald jamesd at echeque.com
Thu Dec 1 02:45:31 EST 2011

On 2011-12-01 2:03 PM, ianG wrote:
> If a CA is issuing sub-CAs for the purpose of MITMing, is this a reason
> to reset the entire CA? Or is it ok to do MITMing under certain nice
> circumstances?

It seems our CA system has come to resemble our audit system and our 
financial system.

In very white rural areas, you will see stuff for sale on an honor 
system.  Go in, help yourself, and put the money in the box.  Where I 
now live, people often leave their house without locking the door behind 
them.  That is how "rednecks" behave.

As the community becomes more vibrant and diverse the high level of 
trust required for western institutions makes those institutions 
non-viable.  We have to reconstruct our institutions for third world trust 
levels and southern European trust levels.  Institutions characteristic 
of Europe and the old North America are no longer capable of 
functioning, have not been capable of functioning for some time.

On the other hand, a paranoid environment, where everything has to be 
locked, and every claim has to be provable, is good business for 
cryptographers.  One can create institutions that will function well in 
such an environment; it is just trickier.
