* Adam Back: > Are there really any CAs which issue sub-CA for "deep packet inspection" aka > doing MitM and issue certs on the fly for everything going through them: > gmail, hotmail, online banking etc.
Such CAs do exist, but to my knowledge, they are enterprise-internal CAs which are installed on corporate devices, presumably along with other security software. Even from a vendor point of view, this additional installation step is desirable because it fits well with a per-client licensing scheme, so I'm not sure what the benefit would be to get a certificate leading to one of the public roots. -- Florian Weimer <[email protected]> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
