[cryptography] if MitM via sub-CA is going on, need a name-and-shame catalog (Re: really sub-CAs for MitM deep packet inspectors?)

jd.cypherpunks jd.cypherpunks at gmail.com
Fri Dec 2 16:08:49 EST 2011



> On 3/12/11 03:36 AM, Ben Laurie wrote:
>> On Fri, Dec 2, 2011 at 4:14 PM, ianG<iang at iang.org>  wrote:
>>> On 2/12/11 23:00 PM, Peter Gutmann wrote:
>>>> I guess if you're running into this sort of thing for the first time then
>>>> you'd be out for blood, but if you've been aware of this it going on for
>>>> more
>>>> than a decade then it's just business as usual for commercial PKI.  I'm
>>>> completely unfazed by it, it's pretty much what you'd expect.
>>> 
>>> Wifebeating syndrome :)  I was aware of the claim of MITMing, but nobody
>>> offered proof and it sort of faded away under the cover of NDAs.
>> Note that this is still the case :-)
> 
> Which is the point of security by NDA :)
> 
> Whoever said security by obscurity doesn't work?  Must have been 

true :)


More information about the cryptography mailing list