On Thu, Dec 1, 2011 at 5:32 AM, Rose, Greg <g...@qualcomm.com> wrote: > > On 2011 Nov 30, at 17:18 , Lee wrote: > >> On 11/30/11, Rose, Greg <g...@qualcomm.com> wrote: >>> >>> On 2011 Nov 30, at 16:44 , Adam Back wrote: >>> >>>> Are there really any CAs which issue sub-CA for "deep packet inspection" >>>> aka >>>> doing MitM and issue certs on the fly for everything going through them: >>>> gmail, hotmail, online banking etc. >>> >>> Yes, there are. I encountered one in a hotel at Charles de Gaulle airport a >>> few weeks ago. >> >> How did you know there was a MITM if it gave out a valid cert? > > I run a wonderful Firefox extension called Certificate Patrol. It keeps a > local cache of certificates, and warns you if a certificate, CA, or public > key changes unexpectedly. Sort of like SSH meets TLS. As soon as I went to my > stockbroker's web site, the warnings started to appear. Then it was just > checking IP addresses and stuff.
So ... let's see the cert(s), then! _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography