[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

James A. Donald jamesd at echeque.com
Fri Dec 2 04:08:49 EST 2011


On 2011-12-02 6:33 PM, Adam Back wrote:
> To hand over a blank cheque sub-CA cert that could sign gmail.com is
> somewhat dangerous. But you notice that GeoTrust require it to be in a
> hardware token, and some audits blah blah, AND more importantly that you
> agree not to create certs for domains you don't own.

And we have seen how effective audits have been since Sarbanes-Oxley.



