[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Dec 2 00:38:24 EST 2011

Marsh Ray <marsh at extendedsubset.com> writes:

> Certificate Authority (CA) to Chain to GeoTrust's Ubiquitous Public
> Root

February of which year?  If it's from this year then they're really late to
the party; commercial CAs have been doing this for more than a decade.  These
things are huge money-earners for them; they start at around $50K per sub-CA
cert and go from there, and because you have to do this to turn off the
browser warnings, large numbers of companies do it.  I don't know about actual
figures, but from stories I've heard it wouldn't surprise me if many CAs made
the majority of their income from selling padlocks [0] to companies rather
than selling them to web sites.

Or is GeoRoot some novel new thing that I'm not familiar with?


[0] By "selling padlocks" I mean you give them money and people who come to
    your site get to see a padlock picture.

