[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

Ralph Holz holz at net.in.tum.de
Sun Dec 4 06:21:40 EST 2011


Hi,

> Hypothetical question: assume enough people get educated how to spot the MitM
> box at work/airport/hotel. Let's say few of them post the MitM chains publicly
> which point to a big issuing CA. It was said (by Peter I think) that nothing
> would likely happen to big issuing CAs (too-big-to-fail). Would the MitM-ing
> sub-CAs take the fall? (lose license and invested funds)

We're actually about to release a little tool that does exactly that,
report the encountered MitM for further scrutiny.

Ralph

-- 
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20111204/1060d12c/attachment.asc>


More information about the cryptography mailing list