[cryptography] trustwave admits issuing corporate mitm certs
noloader at gmail.com
Sun Feb 12 04:27:42 EST 2012
On Sun, Feb 12, 2012 at 4:04 AM, Adam Back <adam at cypherspace.org> wrote:
> So it happened, per recent discussion on this list, it seems that at least
> one CA *has* been issuing sub-CA certs for corporate use in mitm boxes.
> mozilla is threatening to remove the CA from their browser. Trustwave says
> they have/will revoke all these sub-CAs and will not issue any more.
> They also claim in their defense that other CAs are doing this.
Evading computer security systems and tampering with communications is
a violation of federal law in the US. So says the US Attorney General
in New Jersey when he charged Wiseguys Tickets with gaming the
TicketMaster systems [1,2]. If the Attorney General is to be believed,
Trustwave (et al) violated 18 USC 1030 (a) (4) and 1030 (c) (3) (a).
More information about the cryptography