[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

Ben Laurie ben at links.org
Thu Dec 1 12:09:44 EST 2011

On Thu, Dec 1, 2011 at 4:56 PM, Marsh Ray <marsh at extendedsubset.com> wrote:
> On 11/30/2011 06:44 PM, Adam Back wrote:
>> Are there really any CAs which issue sub-CA for "deep packet
>> inspection" aka doing MitM and issue certs on the fly for everything
>> going through them: gmail, hotmail, online banking etc.
>> http://www.prnewswire.com/news-releases/geotrust-launches-georoot-allows-organizations-with-their-own-certificate-authority-ca-to-chain-to-geotrusts-ubiquitous-public-root-54048807.html

They appear to actually be selling sub-RA functionality, but very hard
to tell from the press release.

Bottom line: I'm going to believe this one someone displays a cert chain.

More information about the cryptography mailing list