[cryptography] if MitM via sub-CA is going on, need a name-and-shame catalog (Re: really sub-CAs for MitM deep packet inspectors?)

Adam Back adam at cypherspace.org
Fri Dec 2 08:41:18 EST 2011

I wonder what that even means.  *.com issued by a sub-CA?  That private key
is a massive risk if so!  I wonder if a *.com is even valid according to
browsers.  Or * that would be funny.


On Sat, Dec 03, 2011 at 02:24:53AM +1300, Peter Gutmann wrote:
>Adam Back <adam at cypherspace.org> writes:
>>[WAP wildcard certs]
>>That is bad.  Are you saying there is anyone doing SSL mitm for stream
>>compression reasons?  Who?
>The use of wildcard certs in WAP gateways came up from the SSL Observatory
>work... hmm, there's at least a mention of it in "An Observatory for the

