[cryptography] trustwave admits issuing corporate mitm certs

William Allen Simpson william.allen.simpson at gmail.com
Tue Feb 14 08:56:26 EST 2012

On 2/13/12 3:43 PM, dan at geer.org wrote:
> Two refs, one confirmed, one hearsay
> 1. J. Beeson, CISO, GE Capital has a standard stump speech,
> "I don't buy your shoes, why should I buy your computer?"
> 2. Sec. Napolitano is said to have bought the iPad she is
> regularly seen with using her own money.
The latter is actually a fairly long-standing practice in Congress,
going back to the '90s.  My member was probably the first carrying
around her own (Mac) laptop.  Because of various ethics rules, to
use the same device for campaign and office and personal, she was
required to buy it herself.

Because of the lack of cooperation between providers, it gave folks
some headaches -- offices were required to contract out the IT to
one of several approved 3rd parties, yet the House administration
ran the internal network itself, and campaign was an entirely
different entity.  Essentially, each office was operated as a
separate corporation.

(This was before widespread shared WiFi.)  Once it became obvious
the Republicans in control were intercepting email carried over
the administrative network between offices, everything had to
run over VPN.

But after they worked it out, it became fairly standard, at least on
the Democratic side of the aisle.

Cell phones, on the other hand, never quite managed.  She had to
carry two all the time, one for campaign and personal and one for
official business.

More information about the cryptography mailing list