On Sun, Feb 12, 2012 at 5:43 AM, Krassimir Tzvetanov <[email protected]> wrote: > While I'm not a lawyer and my opinion is in noway authoritive I do not > believe there is any violation. They ay be an accessory to a potential > crime but they themselves did not do the tapping. I think its a bit broader than an accessory since they knoew what the company wanted to do. Trustwave was onsite and set the system up - they were clearly a co-conspirator. They even bragged about how ethical it was because they used an HSM.
Jeff > On Sun, Feb 12, 2012 at 1:27 AM, Jeffrey Walton <[email protected]> wrote: >> On Sun, Feb 12, 2012 at 4:04 AM, Adam Back <[email protected]> wrote: >>> So it happened, per recent discussion on this list, it seems that at least >>> one CA *has* been issuing sub-CA certs for corporate use in mitm boxes. >>> >>> http://www.infoworld.com/d/security/trustwave-admits-issuing-man-in-the-middle-digital-certificate-185972 >>> >>> mozilla is threatening to remove the CA from their browser. Trustwave says >>> they have/will revoke all these sub-CAs and will not issue any more. >>> >>> They also claim in their defense that other CAs are doing this. >> Evading computer security systems and tampering with communications is >> a violation of federal law in the US. So says the US Attorney General >> in New Jersey when he charged Wiseguys Tickets with gaming the >> TicketMaster systems [1,2]. If the Attorney General is to be believed, >> Trustwave (et al) violated 18 USC 1030 (a) (4) and 1030 (c) (3) (a). >> >> Jeff >> >> [1] http://www.wired.com/threatlevel/2010/03/wiseguys-indicted/ >> [2] >> http://www.wired.com/images_blogs/threatlevel/2010/03/wiseguys-indictment-filed.pdf _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
