[cryptography] trustwave admits issuing corporate mitm certs

John Case case at sdf.org
Sat Feb 25 18:55:56 EST 2012


On Sun, 12 Feb 2012, Jeffrey Walton wrote:

>
> (2) Did the other end of the SSL/TLS tunnel also agree to be monitored?
>


Ding!

Yes, that is the key - and was the key the first time we visited this 
subject a few months ago.

When all is said and done, and Jane Doe cube peasant signs away her life, 
and the browsers all look the other way and "every CA is doing it" ... 
after all of that, does Wells Fargo actually consent to your bullshit 
Fortune 30,000 firm monitoring their online banking?

I'll bet not.  How about eftps.gov?  How about dmv.ca.gov?

There are two sides to an SSL transaction ...


