On 12/04/11 13:08, Peter Gutmann wrote:
> Ondrej Mikle <[email protected]> writes:
>
>> How do MitM boxes react when they MitM connection to a server with
>> self-signed cert (or cert issued by an obscure CA not trusted by MitM box)?
>
> For one example, see
> http://wikileaks.org/spyfiles/docs/bluecoat/219_blue-coat-systems-reference-guide-ssl-proxy.html
> and
> http://wikileaks.org/spyfiles/docs/bluecoat/246_blue-coat-systems-deployment-guide-deploying-the-ssl-proxy.html.

Thanks.

>> Given the state of security/auditing of "private sub-CAs" as described, was
>> there ever a report of a breach (e.g. stolen key, fraudulently issued certs)?
>
> You're joking, right?

Sorry, my bad. Mismatch in my thinking<->editing coordination. Originally I wanted to ask whether you encountered a breach that was not over all the news, but a rather localized incident at the places you and Lucky described. Or heard about one from colleagues in the field (then I oversimplified the question's formulation too much). Basically I was curious what portion of similar breaches got buried from "outside world".

I re-did the count of CAs whose CRLs had 'CA Compromise' as revocation reason, about a month after Peter Eckersley did. Result was the same (counting "trusted" CAs). Plus a few others (some seemed to be internal company CAs; but did not chain to a "trusted root").

I found your observations about PKI often spot on and I thought they were hyperbolically witty. I guess then you were actually not joking at all.

Ondrej
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
