[cryptography] how many MITM-enabling sub-roots chain up to public-facing CAs?
iang at iang.org
Mon Feb 13 21:31:29 EST 2012

Kathleen at Mozilla has reported that she is having trouble dealing with
the Trustwave question because she doesn't know how many other CAs have
issued sub-roots that do MITMs.

Zero, one, a few or many?

I've sent a private email out to those who might have had some direct
exposure. If there are any others that might have some info, feel free
to provide evidence to kwilson at mozilla.com or to me if you want it

If possible, the name of the CA, and the approximate circumstance. Also
how convinced you are that it was a cert issued without the knowledge of
the owner. Or any information really...

Obviously we all want to know who and how many ... but right now is not
the time to repeat demands for full disclosure. Right now, vendors need
to decide whether they are dropping CAs or not.