Nathan Loofbourrow <njl...@gmail.com> writes:
>On Wed, Nov 30, 2011 at 4:47 PM, Rose, Greg <g...@qualcomm.com> wrote:
>> On 2011 Nov 30, at 16:44 , Adam Back wrote:
>>
>> > Are there really any CAs which issue sub-CA for "deep packet inspection"
>> > aka
>> > doing MitM and issue certs on the fly for everything going through them:
>> > gmail, hotmail, online banking etc.
>>
>> Yes, there are. I encountered one in a hotel at Charles de Gaulle airport
>> a few weeks ago.
>
>Yup. Boingo does this. Also, many employers.
Can someone send me a couple of certs (Amazon, Google, whatever) generated by
one of these MITMs, specifically the full cert chain ("Save as PKCS #7" in the
cert dialog of most browsers)? I've got e.g. SonicWall ones where you have to
trust the SonicWall CA cert, but presumably these are chained to a public CA
so users don't get warnings, which means the proxies would have to be set up
with more or less Comodogate-by-design CA certs.
Peter.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
