Nathan Loofbourrow <njl...@gmail.com> writes: >On Wed, Nov 30, 2011 at 4:47 PM, Rose, Greg <g...@qualcomm.com> wrote: >> On 2011 Nov 30, at 16:44 , Adam Back wrote: >> >> > Are there really any CAs which issue sub-CA for "deep packet inspection" >> > aka >> > doing MitM and issue certs on the fly for everything going through them: >> > gmail, hotmail, online banking etc. >> >> Yes, there are. I encountered one in a hotel at Charles de Gaulle airport >> a few weeks ago. > >Yup. Boingo does this. Also, many employers.
Can someone send me a couple of certs (Amazon, Google, whatever) generated by one of these MITMs, specifically the full cert chain ("Save as PKCS #7" in the cert dialog of most browsers)? I've got e.g. SonicWall ones where you have to trust the SonicWall CA cert, but presumably these are chained to a public CA so users don't get warnings, which means the proxies would have to be set up with more or less Comodogate-by-design CA certs. Peter. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography