That vast numbers of private label CAs exist that could perform man in
the middle attacks is disturbing, but not newsworthy.
That some pseudonymous guy on the internet says that they do perform man
in the middle attacks is disturbing, but not newsworthy.
Proof of a man in the middle attack, in the form of a certificate chain
wherein a private label ca issues a certificate for an outside domain
name, would be newsworthy, would be a big step towards replacing PKI.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography