On Wed, Jan 2, 2013 at 8:03 PM, Christopher Morrow <christopher.mor...@gmail.com> wrote:
>
> On Jan 2, 2013 7:36 PM, "William Herrin" <b...@herrin.us> wrote:
>> >
>> > Me, no, although I have read credible reports that otherwise reputable
>> > SSL signers have issued MITM certs to governments for their filtering
>> > firewalls.
>> >
>
> That's not the case join is referring to.
>
>> The governments in question are watching for exfiltration and they
>
> No, not really. Some are busy tracking "dissidents" among their populations.
>
>> largely use a less risky approach: they issue their own root key and,
>> in most cases, install it in the government employees' browser before
>> handing them the machine.
>>
>
> Not just for employees.
>
>> A "reputable" SSL signer would have to get outed just once issuing a
>> government a resigning cert and they'd be kicked out of all the
>> browsers. They'd be awfully easy to catch.
>>
>
> Oh! You mean like Cybertrust and Etisalat? Right... That's working just
> perfectly...

should have included this reference link: <https://www.eff.org/deeplinks/2010/08/open-letter-verizon>