[cryptography] if MitM via sub-CA is going on, need a name-and-shame catalog (Re: really sub-CAs for MitM deep packet inspectors?)

ianG iang at iang.org
Fri Dec 2 14:00:14 EST 2011


On 3/12/11 03:36 AM, Ben Laurie wrote:
> On Fri, Dec 2, 2011 at 4:14 PM, ianG <iang at iang.org> wrote:
>> On 2/12/11 23:00 PM, Peter Gutmann wrote:
>>> I guess if you're running into this sort of thing for the first time then
>>> you'd be out for blood, but if you've been aware of it going on for more
>>> than a decade then it's just business as usual for commercial PKI.  I'm
>>> completely unfazed by it, it's pretty much what you'd expect.
>>
>> Wifebeating syndrome :)  I was aware of the claim of MITMing, but nobody
>> offered proof and it sort of faded away under the cover of NDAs.
> Note that this is still the case :-)

Which is the point of security by NDA :)

Whoever said security by obscurity doesn't work?  Must have been on 
something.

iang


