[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Dec 6 19:35:58 EST 2011

<dan at geer.org> writes:
> > This is already standard practice for malware-laden sites, to
> > the extent that it's severely affecting things like Google Safe
> > Browsing and Facebook's link scanner, because Google and Facebook
> > always get to see benign content and only the end user gets the
> > malware.
> This is the single greatest side effect of a personalized web -- what you see
> depends on who you are.  Like that is good or something.

It's always interesting to see how the bad guys adopt some technologies much
faster than the good guys.  Another example beyond this one is intelligent
agents for interacting with online services, which exist mostly as research
papers and projects.  And banking trojans.


