On 11/30/2011 06:44 PM, Adam Back wrote:
Are there really any CAs which issue sub-CA for "deep packet inspection" aka doing MitM and issue certs on the fly for everything going through them: gmail, hotmail, online banking etc.
http://www.prnewswire.com/news-releases/geotrust-launches-georoot-allows-organizations-with-their-own-certificate-authority-ca-to-chain-to-geotrusts-ubiquitous-public-root-54048807.html
GeoTrust Launches GeoRoot; Allows Organizations with Their Own
Certificate Authority (CA) to Chain to GeoTrust's Ubiquitous Public Root> GeoTrust Launches GeoRoot; Allows Organizations with Their Own Certificate Authority (CA) to Chain to GeoTrust's Ubiquitous Public Root Economical Solution Complements Capabilities of Internal CAs, such as the Microsoft Certificate Authority, Allowing Public Recognition of SSL and Client Certificates SAN FRANCISCO, RSA CONFERENCE, Feb. 14 /PRNewswire/ -- GeoTrust, Inc., a leader in identity verification solutions for e-business and the world's second largest issuer of SSL (secure sockets layer) certificates for web security, today announced the availability of GeoRoot(TM), an enterprise solution that allows organizations to chain their internally issued digital certificates to GeoTrust's publicly recognized roots. GeoRoot allows organizations with their own Public Key Infrastructure (PKI) to extend the use of SSL server and client certificates by leveraging a highly ubiquitous GeoTrust root, supported by over 99% of browsers. "Today, many large organizations utilize Microsoft's free Certificate Authority to create digital certificates for securing their servers, email and employee remote access," stated Neal Creighton, CEO of GeoTrust. "However, these 'self-signed' certificates are only recognized within the issuing organization or other allied organizations that have chosen to share trust. By chaining to our widely supported public root, these organizations can easily enable trusted e-business transactions outside of their organizations." "Server-based digital certificates for SSL have become increasingly important to organizations because they provide enhanced security," stated Vic Wheatman, Managing Vice President, Gartner, Inc. "However, we recognize that some organizations need to extend acceptance of their own certificates beyond their enterprise. By chaining their certificates to a widely recognized root, organizations can elevate trust levels and SSL functionality while using their own internal PKI system." GeoRoot is designed to complement the existing capabilities of an in-house Certificate Authority, allowing organizations to maintain full control over Registration Authority (RA) functions for the issuance of SSL server certificates and client certificates (x.509). By chaining to GeoTrust's public root, certificates gain compatibility with virtually all browsers and digital certificate and public key security applications, including commerce sites, intranet, extranet, S/MIME and VPN hardware and clients. This ubiquitous recognition allows certificates, whether for electronic documents, secure email or other transactions, to be trusted globally. Certificate lifecycle management is a key feature of GeoRoot, allowing organizations to easily issue, renew and revoke certificates. Other functions, such as authenticating individuals, deploying and managing SSL server certificates and client certificates, as well as managing the distribution of public keys to appropriate parties, are all handled by the organization. GeoRoot also allows an enterprise to maintain its own brand identity when issuing certificates, an attractive feature for certain applications such as email certificates. In addition to GeoRoot, GeoTrust offers a full line of digital certificates for identity verification, including client certificates for secure access, SSL certificates for e-commerce and web services security, code signing certificates for software developers and the recently announced certified signing solution for Adobe(R) Acrobat(R). Its customers include the world's largest hosting companies, Global 1000 companies, educational institutions and government agencies worldwide. Pricing and Availability GeoRoot is available today in several configurations, with annual licenses to meet the needs of low volume to high volume users. GeoRoot is only available for internal use, and organizations must meet certain eligibility requirements, including financial net worth, insurance minimums, policy, implementation and compliance guidelines, and hardware security specifications. Complete details are available from GeoTrust sales at 866-511- 4141 or sa...@geotrust.com. About GeoTrust, Inc. GeoTrust is a leader in identity verification and trust services for e- business. Its products include web security services for secure e-commerce transactions, identity verification services for secure access, digital signing and consumer verification, managed security services and TrustWatch, a free toolbar and search site that helps consumers recognize whether a site has been verified and is safe for the exchange of confidential information (http://www.trustwatch.com). With more than 80,000 companies in over 150 countries using its technology for online security, GeoTrust has rapidly become the second largest digital certificate provider in the world. Visit http://www.geotrust.com or call 781-292-4100 for more information GeoTrust is a registered trademark and GeoRoot is a trademark of GeoTrust, Inc. All other product names are trademarks or registered trademarks of their respective owners. Media Contacts: Joan Lockhart Bill Keeler or Jennifer Roedel GeoTrust, Inc. Schwartz Communications 781-292-4153 781-684-0770 jo...@geotrust.com geotr...@schwartz-pr.com SOURCE GeoTrust, Inc.
The existence of this product has been largely removed from GeoTrust's English-language site (Moxie pointed it out at BlackHat) It's still being promoted in other languages, however.
http://www.google.com/search?q="georoot"+site%3Ageotrust.com
About 212 results 1. GeoRoot – Nehmen Sie Ihre Zertifizierung selbst in die Hand, SSL ... Durch GeoTrust® GeoRoot erhalten Unternehmen vollständige Kontrolle über Registrierungsstellenfunktionen bei der Ausstellung von SSL-Serverzertifikaten ... www.geotrust.com/de/enterprise.../georo... - Cached - Similar 2. GeoRoot – Conviértase en Autoridad de certificación, certificados ... Más información sobre GeoRoot, producto Enterprise SSL que permite a su empresa convertirse en su propia autoridad de certificación - un modo económico ... www.geotrust.com/es/enterprise-ssl.../georoot... - Cached - Similar 3. GeoRoot – Devenez une autorité de certification, certificats SSL ... Pour en savoir plus sur GeoRoot, le produit Enterprise SSL qui permet à votre entreprise de devenir sa propre autorité de certification. Il s'agit là d'un moyen ... www.geotrust.com/fr/enterprise-ssl.../georo... - Cached - Similar 4. SSL Certificates, Document Security, Enterprise SSL from a Leading ... SSL for the Enterprise · Enterprise SSL Save time and money on volume SSL purchases. GeoRoot Become Your Own Certificate Authority. ... www.geotrust.com/products/index.html?pageid=10220000000 - Similar 5. Email GeoTrust Customer Support - GeoTrust ... Certified Document Solutions, Code Signing, My Credential, Microsoft Windows Marketplace Developers, High Volume Solutions (Enterprise), GeoRoot ... www.geotrust.com/about/contact/support-form/ - Cached - Similar 6. SSL Certificates from a Leading SSL Certificate Authority - GeoTrust Signing Products · Certified Document Solutions · Code Signing · My Credential/ EPM Credential · SSL for the Enterprise · Enterprise SSL · GeoRoot · Solutions ... smarticon.geotrust.com/ - Cached - Similar 7. What Out for Phishing Scam on Tumblr | GeoTrust Blog Jun 29, 2011... Quick SSL Premium Certificates, and VeriSign Certified Document Solutions, My Credential Certificates, Enterprise SSL, and GeoRoot. blogs.geotrust.com/2011/06/what-out-for-phishing-scam-on-tumblr/ - Cached - Similar 8. May the 4th be with you! | GeoTrust Blog May 4, 2011... Quick SSL Premium Certificates, and VeriSign Certified Document Solutions, My Credential Certificates, Enterprise SSL, and GeoRoot. blogs.geotrust.com/2011/05/may-the-4th-be-with-you/ - Cached - Similar 9. January | 2011 | GeoTrust Blog Jan 28, 2011... Quick SSL Premium Certificates, and VeriSign Certified Document Solutions, My Credential Certificates, Enterprise SSL, and GeoRoot. blogs.geotrust.com/2011/01/ - Cached - Similar 10. Fraud | GeoTrust Blog Mar 12, 2011... Quick SSL Premium Certificates, and VeriSign Certified Document Solutions, My Credential Certificates, Enterprise SSL, and GeoRoot. blogs.geotrust.com/category/fraud/ - Cached - Similar Sponsored Links 1. GeoTrust SSL Certificates Affordable SSL immediately issued trusted by 99% of browsers. Buy SSL Certificates - 30-Day Free SSL Certificate Trial - Compare SSL Certificates www.geotrust.com
http://translate.google.com/translate?hl=en&ie=UTF8&prev=_t&sl=auto&tl=en&u=http://www.geotrust.com/fr/enterprise-ssl-certificates/georoot/
> Become your own Certificate Authority
GeoTrust® GeoRoot permet aux entreprises de garder une maîtrise totale des fonctions de l'autorité d'enregistrement (AE) pour l'émission de certificats SSL serveur et de certificats client (x.509). GeoTrust ® GeoRoot allows companies to keep total control functions of the Registration Authority (RA) to issue SSL certificates server and client certificates (x.509). Avec des certificats privés, les organisations renforcent leur réputation en termes de transactions sécurisées et fiables. Certificates with private organizations to strengthen their reputation for secure transactions and reliable. Des forfaits annuels fixes bon marché et des licences rentables facilitent l'optimisation des budgets informatiques et abaissent le coût total de possession. Fixed annual packages cheap and easy licensing cost optimization of IT budgets and lower the total cost of ownership. Contactez le service commercial ou appelez le +44 203 0240907. Contact sales or call +44 203 0240907. Reconnaissance globale des certificats auto-signés Global recognition of self-signed certificates Les certificats GeoTrust sont reconnus par 99 % des navigateurs Web et par la plupart des appareils mobiles populaires. GeoTrust certificates are recognized by 99% of Web browsers and most popular mobile devices. Ils sont compatibles avec la majorité des certificats numériques et applications de sécurité à clé publique. They are compatible with most digital certificates and security applications to public key. La reconnaissance universelle des certificats signés GeoRoot permet aux entreprises de s'assurer que les certificats numériques liés à la racine GeoTrust sont dignes de confiance dans le monde entier. The universal recognition of certificates signed GeoRoot allows companies to ensure that digital certificates associated with the GeoTrust root are trusted worldwide. Gestion et contrôle du cycle de vie des certificats Management and control of the life cycle of certificates Les entreprises utilisent GeoRoot pour leurs applications internes personnalisées et pour un échange en toute sécurité des données entre les différents partenaires. Companies use GeoRoot for their internal applications and customized for a secure exchange of data between the different partners. L'entreprise conserve une maîtrise totale sur l'authentification des individus, le déploiement et la gestion des certificats SSL serveur et client ainsi que la gestion de la distribution des clés publiques aux parties concernées, en offrant une souplesse maximale pour sécuriser les applications professionnelles à l'échelle de l'entreprise. The company maintains complete control over the authentication of individuals, deploying and managing SSL server and client and the management of public key distribution to interested parties, offering maximum flexibility for secure business applications across the enterprise. Intégration transparente Seamless integration GeoRoot fonctionne en toute transparence avec Microsoft Active Directory et Certificate Server pour l'authentification et l'émission de certificats signés GeoTrust. GeoRoot works seamlessly with Microsoft Active Directory and Certificate Server for authentication and issuing certificates signed by GeoTrust. Dans la plupart des cas, une fois un certificat généré par MS Certificate Server et signé dans GeoRoot, les informations sur ce certificat sont acheminées automatiquement dans Active Directory. In most cases, once a certificate generated by MS Certificate Server and signed in GeoRoot, information on the certificate are sent automatically to Active Directory. Critères d'admissibilité GeoRoot Eligibility GeoRoot Pour acheter GeoRoot, vous devez satisfaire au moins aux critères suivants : GeoRoot to buy, you must meet at least the following criteria: * Valeur nette de 5 M de $ minimum Net worth of $ 5 million minimum * 5 M de $ minimum pour la garantie Erreurs et omissions Minimum of $ 5 million guarantee for Errors and Omissions * Statuts (ou équivalent) et attestation de fonction fournis Statutes (or equivalent) and attestation function provided * Déclaration de pratique de certificat écrite et à jour Certificate Practice Statement as written and updated * Appareil conforme à FIPS 140-2 de niveau 2 (GeoTrust a établi un partenariat avec SafeNet, Inc.) pour la génération et le stockage de vos clés de certificats racine Apparatus in accordance with FIPS 140-2 Level 2 (GeoTrust has partnered with SafeNet, Inc.). For generating and storing keys Root Certificates * Produit AC agréé de Baltimore/Betrusted, Entrust, Microsoft, Netscape ou RSA Product AC approved the Baltimore / Betrusted, Entrust, Microsoft, Netscape or RSA Instructions client GeoRoot Instructions customer GeoRoot * GeoTrust doit analyser et approuver les profils de certificat pour les certificats racine et d'entité finale de l'organisation avant de pouvoir émettre les certificats. GeoTrust must review and approve the certificate profiles for root certificates and end entity of the organization before they can issue certificates. * Les organisations doivent tenir à jour une liste Certificate Revocation List (CRL) pour tous les certificats émis de l'entreprise. Organizations must maintain a list Certificate Revocation List (CRL) for all certificates issued by the company. * GeoTrust peut demander une déclaration de conformité ou réaliser un audit. GeoTrust may request a statement of compliance or an audit. Instructions pour les certificats SSL serveur GeoRoot Instructions for SSL server certificates GeoRoot * Les certificats SSL peuvent être émis pour une ou plusieurs années SSL certificates can be issued for one or more years * Tous les domaines doivent être détenus par le client de l'entreprise All fields must be held by the client company * Les certificats peuvent être installés sur autant de serveurs que nécessaire Certificates can be installed on as many servers as needed * Les certificats SSL doivent inclure le groupe standard d'extensions X.509 SSL certificates must include the standard set of X.509 extensions Instructions pour les certificats client GeoRoot Instructions for client certificates GeoRoot * Les certificats client peuvent être émis pour une ou plusieurs années Client certificates can be issued for one or more years * Les organisations peuvent émettre des certificats uniquement aux employés et aux domaines qu'elles contrôlent Organizations can issue certificates only to employees and areas under their control * Les entreprises ne peuvent pas revendre ni livrer à des utilisateurs non affiliés Companies can not sell or deliver to users not affiliated * Les certificats doivent inclure le groupe standard d'extensions X.509 Certificates must include the group standard X.509 extensions Module de sécurité matériel SafeNet Luna SafeNet hardware security module Luna Les produits SafeNet Luna® permettent une véritable gestion des clés matérielles afin de préserver l'intégrité des clés de cryptage. SafeNet Luna ® products provide a true hardware key management to preserve the integrity of encryption keys. Les clés sensibles sont créées, stockées et utilisées exclusivement au sein des fonctions sécurisées du module de sécurité matériel Luna pour éviter tout compromis. Sensitive keys are created, stored and used exclusively within the security features of the Luna hardware security module to prevent compromise. Les produits SafeNet Luna ont été intégrés aux solutions GeoTrust et répondent en tous points aux exigences GeoRoot pour un appareil conforme à FIPS 140-2 de niveau 2. SafeNet Luna products have been integrated with GeoTrust solutions and meet all of the requirements for a GeoRoot apparatus according to FIPS 140-2 Level 2.
http://www.geotrust.com/fr/products/
Produits * Certificats SSL * Produits de signature * SSL pour l'entreprise Accueil > Produits Produits Plus de 100 000 clients dans plus de 150 pays font confiance à GeoTrust pour sécuriser les transactions en ligne et faire des affaires sur Internet. SSL CertificatesComparer tous * True BusinessID with EV Dynamisez les transactions en ligne grâce à la barre d'adresse verte. Extended Validation SSL * True BusinessID Protection fiable chez soi, au travail ou en déplacement. * QuickSSL® Premium Sécurisez votre site pour les navigateurs de bureau et les navigateurs de téléphone portable.. * True BusinessID Multi-Domain Sécurisez jusqu'à 25 domaines sur un seul serveur. * True BusinessID Wildcard Sécuriser un nombre illimité de sous-domaines avec un seul certificat. Signing Products * VeriSign® Certified Document Solutions * Code Signing * My Credential Signer et crypter numériquement le courrier électronique. SSL for the Enterprise * Enterprise SSL Épargner du temps et de l'argent avec des achats SSL en gros. * GeoRoot Devenez votre propre autorité de certification.
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography