[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Dec 2 05:02:14 EST 2011

Adam Back <adam at cypherspace.org> writes:

>Start of the thread was that Greg and maybe others claim they've seen a cert
>in the wild doing MitM on domains the definitionally do NOT own.

It's not just a claim, I've seen them too.  For example I have a cert issued
for google.com from such a MITM proxy.  I was asked by the contributor not to
reveal any details on it because it contains the name and other info on the
intermediate CA that issued it, but it's a cert for google.com used for deep
packet inspection on a MITM proxy.  I also have a bunch of certs from private-
label CAs that chain directly up to big-name public CAs, there's no technical
measure I can see in them anywhere that would prevent them from issuing certs
under any name.

(An unfortunate effect of the private-label CAs is that they contain
identifying information on the organisation that uses them, something I hadn't
considered in my "post them to the list" request, and publishing them would
publicly out your employer or organisation as doing this.  So I'll modify my
"post to the list" to "email them to me in private" :-).

>The real question again is can we catch a boingo or corp lan or government
>using a MitM sub-CA cert, and then we'll know which CA is complicit in issuing
>it, and delist them.

Given that some of the biggest CAs around sell private-label CA certs, you'd
end up shutting down half the Internet if you did so.


More information about the cryptography mailing list