[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Dec 4 23:30:25 EST 2011


Ondrej Mikle <ondrej.mikle at nic.cz> writes:

>Sorry, my bad. Mismatch in my thinking<->editing coordination. Originally I
>wanted to ask whether you encountered a breach that was not over all the
>news, but a rather localized incident at the places you and Lucky described.
>Or heard about one from colleagues in the field (then I oversimplified the
>question's formulation too much).
>
>Basically I was curious what portion of similar breaches got buried from
>the "outside world".

So it's a bit of a "how many undetected security compromises have you had"
question :-).  As such it's impossible to answer, although in general I would
say that I doubt some of the parties involved would actually be capable of
detecting a breach.  So it's not a case of "would they cover it up", it's "how
would they even know"?

At best you could reason by analogy: consider the typical IT-using company and
their security measures, would you trust them to detect and identify an
intrusion (say an SQL injection attack on their server) and notify the media
and their customers so that they could take corrective action?  You're now
dealing with standard organisations (not even computer companies but just
J.Random organisation somewhere), and this is IT Job #427, alongside more
important stuff like how do your remote staff get to the Exchange server from
their hotel in Bratislava and how do you get iTunes traffic through the
firewall [0].

Peter.

[0] Whoever coupled OS updates and whatnot with a mechanism as firewall-
    hostile as iTunes needs to be killed and eaten to prevent them from 
    passing on the genes.


