[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

James A. Donald jamesd at echeque.com
Sun Dec 4 14:52:40 EST 2011

On 2011-12-04 18:18, Ondrej Mikle wrote:
> Hypothetical question: assume enough people get educated how to spot the MitM
> box at work/airport/hotel. Let's say few of them post the MitM chains publicly
> which point to a big issuing CA. It was said (by Peter I think) that nothing
> would likely happen to big issuing CAs (too-big-to-fail). Would the MitM-ing
> sub-CAs take the fall? (lose license and invested funds)

You think too small.  We should be trying to replace PKI, not particular 
badly behaved bits of the PKI infrastructure.

More information about the cryptography mailing list