[cryptography] trustwave admits issuing corporate mitm certs

Adam Back adam at cypherspace.org
Sun Feb 12 04:04:13 EST 2012

So it happened, per recent discussion on this list, it seems that at least
one CA *has* been issuing sub-CA certs for corporate use in mitm boxes.


mozilla is threatening to remove the CA from their browser.  Trustwave says
they have/will revoke all these sub-CAs and will not issue any more.

They also claim in their defense that other CAs are doing this.


More information about the cryptography mailing list