* Adam Back:

> Are there really any CAs which issue sub-CA for "deep packet inspection" aka
> doing MitM and issue certs on the fly for everything going through them:
> gmail, hotmail, online banking etc.

Such CAs do exist, but to my knowledge, they are enterprise-internal CAs
which are installed on corporate devices, presumably along with other
security software.  Even from a vendor point of view, this additional
installation step is desirable because it fits well with a per-client
licensing scheme, so I'm not sure what the benefit would be to get a
certificate leading to one of the public roots.

-- 
Florian Weimer                <[email protected]>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to