[cryptography] if MitM via sub-CA is going on, need a name-and-shame catalog (Re: really sub-CAs for MitM deep packet inspectors?)

Ben Laurie ben at links.org
Fri Dec 2 11:36:14 EST 2011


On Fri, Dec 2, 2011 at 4:14 PM, ianG <iang at iang.org> wrote:
> On 2/12/11 23:00 PM, Peter Gutmann wrote:
>>
>> I guess if you're running into this sort of thing for the first time then
>> you'd be out for blood, but if you've been aware of this it going on for
>> more
>> than a decade then it's just business as usual for commercial PKI.  I'm
>> completely unfazed by it, it's pretty much what you'd expect.
>
>
> Wifebeating syndrome :)  I was aware of the claim of MITMing, but nobody
> offered proof and it sort of faded away under the cover of NDAs.

Note that this is still the case :-)



More information about the cryptography mailing list