[cryptography] if MitM via sub-CA is going on, need a name-and-shame catalog (Re: really sub-CAs for MitM deep packet inspectors?)

ianG iang at iang.org
Fri Dec 2 11:14:47 EST 2011

On 2/12/11 23:00 PM, Peter Gutmann wrote:
> I guess if you're running into this sort of thing for the first time then
> you'd be out for blood, but if you've been aware of this going on for more
> than a decade then it's just business as usual for commercial PKI.  I'm
> completely unfazed by it, it's pretty much what you'd expect.

Wifebeating syndrome :)  I was aware of the claim of MITMing, but nobody 
offered proof and it sort of faded away under the cover of NDAs.

The problem here is that it breaks the CA/SSL promise - that there is no 
MITM.  That is the reason for using certificates in the first place, 
over and above opportunistic encryption.  That is the life-blood of SSL 
v2 - stop the MITM.

If we've decided that the CAs have optioned out the MITM promise on a 
mass scale, then this breaks the promise.  All they've done is sold on 
the MITMs.  So we may as well go back to TOFU.

>> It breaks a clear expectation of security and privacy the user, even very
>> sophisticated user, has about privacy of their communications.
> Not on a corporate LAN.  IANAL but AFAIK your employer's allowed to run that
> in whatever way they want.

Legally is one plane of dispute:  Yes, sure, contractually and under 
agency theory, the employer is probably within rights.  Except, rights 
can't be contracted away.  Data protection commissioners might not 
agree, as they don't agree that video can be used in offices, only in 
corridors.  And, they don't agree that your radio broadcast information 
can be recorded by Google, in contradiction to international radio 
convention :)  And they can read an MITM promise much like any other 
user.  And legal counsel might be a bit pissed if you get phished and 
the court case points the finger at the in-house MITM.

The game is not purely logical or contractual or controllable.  And 
reputation adds a joker.

> I think employees just need to be aware that a corporate LAN is owned by your
> employer, and run for their benefit, not yours.  If you want to do
> $non_work_related_whatever, do it from your home system.

I don't think that is a reliable presumption any more.  There have been 
numerous court cases that have trashed the simple "corporate assets" 

