[cryptography] how many MITM-enabling sub-roots chain up to public-facing CAs ?
jon at callas.org
Tue Feb 14 13:16:23 EST 2012
On Feb 14, 2012, at 7:42 AM, ianG wrote:
> On 14/02/12 21:40 PM, Ralph Holz wrote:
>> Actually, we thought about asking Mozilla directly and in public: how
>> many such CAs are known to them?
> It appears their thoughts were "none."
> Of course there have been many claims in the past. But the Mozilla CA desk is frequently surrounded by buzzing small black helicopters so it all becomes noise.
I've asked about this, too, and the *documented* evidence of this happening is exactly that -- zero.
I believe it happens. People I trust have told me, whispered in my ear, and assured me that someone they know has told them about it, but there's documented evidence of it zero times.
I'd accept a screen shot of a cert display or other things as evidence, myself, despite those being quite forgeable, at this point.
Their thoughts of it being none are reasonably agnostic on it.
Those who have evidence need to start sharing.
More information about the cryptography