[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

Ben Laurie ben at links.org
Fri Dec 2 06:42:30 EST 2011


On Fri, Dec 2, 2011 at 10:02 AM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Adam Back <adam at cypherspace.org> writes:
>
>>Start of the thread was that Greg and maybe others claim they've seen a cert
>>in the wild doing MitM on domains they definitionally do NOT own.
>
> It's not just a claim, I've seen them too.  For example I have a cert issued
> for google.com from such a MITM proxy.  I was asked by the contributor not to
> reveal any details on it because it contains the name and other info on the
> intermediate CA that issued it, but it's a cert for google.com used for deep
> packet inspection on a MITM proxy.  I also have a bunch of certs from private-
> label CAs that chain directly up to big-name public CAs, there's no technical
> measure I can see in them anywhere that would prevent them from issuing certs
> under any name.
>
> (An unfortunate effect of the private-label CAs is that they contain
> identifying information on the organisation that uses them, something I hadn't
> considered in my "post them to the list" request, and publishing them would
> publicly out your employer or organisation as doing this.  So I'll modify my
> "post to the list" to "email them to me in private" :-).

To what end? And, BTW, I'd like to see them too :-)

>>The real question again is can we catch a boingo or corp lan or government
>>using a MitM sub-CA cert, and then we'll know which CA is complicit in issuing
>>it, and delist them.
>
> Given that some of the biggest CAs around sell private-label CA certs, you'd
> end up shutting down half the Internet if you did so.
>
> Peter.
