On Sun, Feb 12, 2012 at 4:04 AM, Adam Back <[email protected]> wrote:
> So it happened, per recent discussion on this list, it seems that at least
> one CA *has* been issuing sub-CA certs for corporate use in mitm boxes.
>
> http://www.infoworld.com/d/security/trustwave-admits-issuing-man-in-the-middle-digital-certificate-185972
>
> mozilla is threatening to remove the CA from their browser. Trustwave says
> they have/will revoke all these sub-CAs and will not issue any more.
>
> They also claim in their defense that other CAs are doing this.

Evading computer security systems and tampering with communications is a violation of federal law in the US. So says the US Attorney General in New Jersey when he charged Wiseguys Tickets with gaming the TicketMaster systems [1,2]. If the Attorney General is to be believed, Trustwave (et al) violated 18 USC 1030 (a) (4) and 1030 (c) (3) (a).

Jeff

[1] http://www.wired.com/threatlevel/2010/03/wiseguys-indicted/
[2] http://www.wired.com/images_blogs/threatlevel/2010/03/wiseguys-indictment-filed.pdf

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
