[cryptography] if MitM via sub-CA is going on, need a name-and-shame catalog (Re: really sub-CAs for MitM deep packet inspectors?)

Adam Back adam at cypherspace.org
Fri Dec 2 08:41:18 EST 2011


I wonder what that even means.  *.com issued by a sub-CA?  That private key
is a massive risk if so!  I wonder if a *.com is even valid according to
browsers.  Or * that would be funny.

Adam

On Sat, Dec 03, 2011 at 02:24:53AM +1300, Peter Gutmann wrote:
>Adam Back <adam at cypherspace.org> writes:
>
>>[WAP wildcard certs]
>>
>>That is bad.  Are you saying there is anyone doing SSL mitm for stream
>>compression reasons?  Who?
>
>The use of wildcard certs in WAP gateways came up from the SSL Observatory
>work... hmm, there's at least a mention of it in "An Observatory for the
>SSLiverse".
>
>Peter.
>


