[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

Ondrej Mikle ondrej.mikle at nic.cz
Sun Dec 4 07:02:30 EST 2011


On 12/04/11 12:21, Ralph Holz wrote:
> Hi,
> 
>> Hypothetical question: assume enough people get educated how to spot the MitM
>> box at work/airport/hotel. Let's say few of them post the MitM chains publicly
>> which point to a big issuing CA. It was said (by Peter I think) that nothing
>> would likely happen to big issuing CAs (too-big-to-fail). Would the MitM-ing
>> sub-CAs take the fall? (lose license and invested funds)
> 
> We're actually about to release a little tool that does exactly that,
> report the encountered MitM for further scrutiny.

Great! I had some ideas how to implement and spread it, awesome to hear that
that you beat me to it :-)

Ondrej



More information about the cryptography mailing list