[cryptography] if MitM via sub-CA is going on, need a name-and-shame catalog (Re: really sub-CAs for MitM deep packet inspectors?)

Jeffrey Walton noloader at gmail.com
Fri Dec 2 14:04:33 EST 2011


On Fri, Dec 2, 2011 at 2:00 PM, ianG <iang at iang.org> wrote:
> On 3/12/11 03:36 AM, Ben Laurie wrote:
>>
>> On Fri, Dec 2, 2011 at 4:14 PM, ianG <iang at iang.org> wrote:
>>>
>>> On 2/12/11 23:00 PM, Peter Gutmann wrote:
>>>>
>>>> I guess if you're running into this sort of thing for the first time then
>>>> you'd be out for blood, but if you've been aware of this going on for more
>>>> than a decade then it's just business as usual for commercial PKI.  I'm
>>>> completely unfazed by it, it's pretty much what you'd expect.
>>>
>>>
>>> Wifebeating syndrome :)  I was aware of the claim of MITMing, but nobody
>>> offered proof and it sort of faded away under the cover of NDAs.
>>
>> Note that this is still the case :-)
>
>
> Which is the point of security by NDA :)
>
> Whoever said security by obscurity doesn't work?  Must have been on
> something.
:)


