On 1/12/11 11:50 AM, Nathan Loofbourrow wrote:
On Wed, Nov 30, 2011 at 4:47 PM, Rose, Greg <g...@qualcomm.com
<mailto:g...@qualcomm.com>> wrote:
On 2011 Nov 30, at 16:44 , Adam Back wrote:
> Are there really any CAs which issue sub-CA for "deep packet
inspection" aka
> doing MitM and issue certs on the fly for everything going
through them:
> gmail, hotmail, online banking etc.
Yes, there are. I encountered one in a hotel at Charles de Gaulle
airport a few weeks ago.
Yup. Boingo does this. Also, many employers.
Do these sub-CAs do MITMs on the certs from other CAs?
Is this in anyway a cause for action in contract? Is this a caused for
revocation?
If a CA is issuing sub-CAs for the purpose of MITMing, is this a reason
to reset the entire CA? Or is it ok to do MITMing under certain nice
circumstances?
iang
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography