[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

ianG iang at iang.org
Wed Nov 30 23:30:39 EST 2011

On 1/12/11 15:10 PM, Peter Gutmann wrote:
> ianG<iang at iang.org>  writes:
>> Is this in any way a cause for action in contract?  Is this a cause for
>> revocation?
> And given that you have to ask the MITM for the revocation information, how
> would you revoke such a cert?

Wait!  Mallory has delivered Alice a valid CA-signed-sub-CA-signed 
cert.  That is the valid information, right?  There was nothing wrong 
with the cert that wasn't seen, it is the new one that is at fault.

Or, am I missing something?

> And that was "Why blacklists suck for validity checks, reason #872 in a series
> of 10,000 or so".  Returning you now to Max Geldray and Orchestra...

