[cryptography] trustwave admits issuing corporate mitm certs

dan at geer.org dan at geer.org
Mon Feb 13 15:39:51 EST 2012

 > Not really tough.  A good policy is: don't allow personal use of the
 > corporate network.  No gmail.  No yahoo.  No employee-owned devices.
 > No shopping.  No nothing.  Allow HTTPS only to white-listed sites
 > (e.g., vendor software update services, a github or a sourceforge, if
 > the company uses open source projects, and so on).

So, this Times article suggests hygiene if one goes to China/Russia


and the question might be what is the probability of similar issues
in, say, conference hotels in US resort cities?  If not now, when?

Just sayin'


More information about the cryptography mailing list