[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

Rose, Greg ggr at qualcomm.com
Thu Dec 1 11:26:15 EST 2011

On 2011 Nov 30, at 22:28 , Jon Callas wrote:

> On Nov 30, 2011, at 9:32 PM, Rose, Greg wrote:
>> I run a wonderful Firefox extension called Certificate Patrol. It keeps a local cache of certificates, and warns you if a certificate, CA, or public key changes unexpectedly. Sort of like SSH meets TLS. As soon as I went to my stockbroker's web site, the warnings started to appear. Then it was just checking IP addresses and stuff.
> And I presume you didn't save the cert.
> Of course, we just need to have people look for these and then save them.

Yes. I regret that I had much bigger issues at the time than saving the cert. But, honestly, this is just the most recent time I've seen it... usually when traveling. I'm sure it won't be long before someone with more time and inclination than me will see another one.

sorry about that,
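
The cache-and-warn behaviour described in the thread, with the "save the cert" step added, as an example written for this page; it is not Certificate Patrol's code and not from either poster. It pins only the SHA-256 fingerprint of the leaf certificate; the function names and the `.cert-cache` directory are assumptions made for the example.

```python
import hashlib
import json
import ssl
from pathlib import Path


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of the DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def check_and_record(store_dir: Path, host: str, der: bytes) -> str:
    """Compare the presented certificate with the cached pin for host.

    Returns "new", "unchanged" or "changed". On "changed" the unexpected
    certificate is written out as PEM so it can be examined later; the
    cached pin is left alone until the user decides which one is genuine.
    """
    store_dir.mkdir(parents=True, exist_ok=True)
    cache_file = store_dir / "pins.json"
    pins = json.loads(cache_file.read_text()) if cache_file.exists() else {}
    seen = fingerprint(der)
    if host not in pins:
        # First contact: trust on first use, as SSH does with host keys.
        pins[host] = seen
        cache_file.write_text(json.dumps(pins, indent=2))
        return "new"
    if pins[host] == seen:
        return "unchanged"
    # Keep the evidence instead of just warning.
    evidence = store_dir / f"{host}.{seen[:16]}.pem"
    evidence.write_text(ssl.DER_cert_to_PEM_cert(der))
    return "changed"


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch whatever certificate the network presents, without validating it."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


if __name__ == "__main__":
    import sys
    name = sys.argv[1]
    store = Path.home() / ".cert-cache"  # assumed location
    print(name, check_and_record(store, name, fetch_der(name)))
```
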

