On Sun, Feb 12, 2012 at 5:43 AM, Krassimir Tzvetanov <mailli...@krassi.biz> wrote: > While I'm not a lawyer and my opinion is in noway authoritive I do not > believe there is any violation. They ay be an accessory to a potential > crime but they themselves did not do the tapping. > > Now on the other hand those companies that did the tapping should be > OK for as long as they are clear with the employees that they cannot > expect privacy, which usually is the case. Usually this is in the > paperwork you sing when you start working there in the section privacy > policy. Two questions:
(1) How can a company actively attack a secure channel and tamper with communications if there are federal laws prohibiting it? It seems to me they can only take the role of passive adversaries and still comply with US law, (2) Did the other end of the SSL/TLS tunnel also agree to be monitored? Jeff > On Sun, Feb 12, 2012 at 1:27 AM, Jeffrey Walton <noloa...@gmail.com> wrote: >> On Sun, Feb 12, 2012 at 4:04 AM, Adam Back <a...@cypherspace.org> wrote: >>> So it happened, per recent discussion on this list, it seems that at least >>> one CA *has* been issuing sub-CA certs for corporate use in mitm boxes. >>> >>> http://www.infoworld.com/d/security/trustwave-admits-issuing-man-in-the-middle-digital-certificate-185972 >>> >>> mozilla is threatening to remove the CA from their browser. Trustwave says >>> they have/will revoke all these sub-CAs and will not issue any more. >>> >>> They also claim in their defense that other CAs are doing this. >> Evading computer security systems and tampering with communications is >> a violation of federal law in the US. So says the US Attorney General >> in New Jersey when he charged Wiseguys Tickets with gaming the >> TicketMaster systems [1,2]. If the Attorney General is to be believed, >> Trustwave (et al) violated 18 USC 1030 (a) (4) and 1030 (c) (3) (a). >> >> Jeff >> >> [1] http://www.wired.com/threatlevel/2010/03/wiseguys-indicted/ >> [2] >> http://www.wired.com/images_blogs/threatlevel/2010/03/wiseguys-indictment-filed.pdf >> _______________________________________________ >> cryptography mailing list >> cryptography@randombit.net >> http://lists.randombit.net/mailman/listinfo/cryptography _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
