[cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)
iang at iang.org
Wed Nov 30 23:30:39 EST 2011
On 1/12/11 15:10 PM, Peter Gutmann wrote:
> ianG<iang at iang.org> writes:
>> Is this in anyway a cause for action in contract? Is this a caused for
> And given that you have to ask the MITM for the revocation information, how
> would you revoke such a cert?
Wait! Mallory has delivered Alice a valid CA-signed-sub-CA-signed
cert. That is the valid information, right? There was nothing wrong
the cert that wasn't seen, it is the new one that is at fault.
Or, am I missing something?
> And that was "Why blacklists suck for validity checks, reason #872 in a series
> of 10,000 or so". Returning you now to Max Geldray and Orchestra...
Gnash.... 3rd time lucky ... the list reply behaviour has changed......
More information about the cryptography