[cryptography] if MitM via sub-CA is going on, need a name-and-shame catalog (Re: really sub-CAs for MitM deep packet inspectors?)

Rose, Greg ggr at qualcomm.com
Fri Dec 2 13:05:47 EST 2011

Some random chiming in...

On 2011 Dec 2, at 5:00 , Adam Back wrote:

> On Sat, Dec 03, 2011 at 01:00:14AM +1300, Peter Gutmann wrote:
>> I was asked not to reveal details and I won't, 
> Of course, I would do the same if so asked.  But there are lots of people on
> the list who have not obtained information indirectly, with confidentiality
> assurances offered, and for them remailers exist.
>> but in any case I don't know whether it would achieve much.  For the case
>> of a public CA doing it, you'd see that CA X is involved, ...
> personally I'd like to know who is doing this and at what scale.

As Peter said, this has been happening for some years. The reason I mentioned CDG airport is because it's the only such incident where I remembered exactly where I was (Sheraton hotel, never staying there again... not that this is the reason why). To me it was just the usual speed bump to be worked around.
>> I guess if you're running into this sort of thing for the first time then
>> you'd be out for blood, but if you've been aware of this it going on for more
>> than a decade then it's just business as usual for commercial PKI.  I'm
>> completely unfazed by it, it's pretty much what you'd expect.
> I do not think its what you'd expect.  A CA should issue certificates only
> to the holders of certificates.  It should NOT issue sub-CA certifactes to
> third parties who will then issue certs to domains they dont own.  Not even
> on the fly inside a "packet inspection" box.

For how many years have Thawte and Verisign and others been prepared to issue certificates based only on the fact that the cheque cleared?
> If someone wants to inspect packets on a corporate lan they can issue their
> own self-signed cert, and install that in their users browsers in their OS
> install image.
> Then if I go on their LAN with my own equipment, I'll get a warning.
> I think its unacceptable to have CAs issuing such certs.

I agree. But like a lot of unacceptable things, it happens because it makes money for someone.
>>> It breaks a clear expectation of security and privacy the user, even very
>>> sophisitcated user, has about privacy of their communications.
>> Not on a corporate LAN.  IANAL but AFAIK your employer's allowed to run that
>> in whatever way they want.
> No.  Also IANAL but there were several cases where employees did have an
> expectation of privacy upheld even in the US.  Certainly you cant do that in
> the EU legally either.

So now the company uses a login banner that says "You have no expectation of privacy when using this system." And of course the employee has no choice but to click through.

[rest snipped.]


More information about the cryptography mailing list