On 12/17/2012 11:18 AM, Andy Steingruebl wrote:

> Do you have proof of that or just speculation?

CAs have been compromised. A few: Comodo. Diginotar. KPN. If a lone attacker can crack a CA and cut arbitrary certs, a state-sponsored actor could as well.

As for buying MITM certs for DLP:

https://netsecurityit.wordpress.com/tag/data-loss-prevention/
http://www.theregister.co.uk/2012/02/09/tustwave_disavows_mitm_digital_cert/

Can a CA that's done this in the past be trusted not to do it again in the future? I don't think so. If one does it, that gives the idea to others, and they might not get caught. There is a lot of money that could be made selling them as well as a market for them (the same market for DLP hardware).

See also, Jeff Walton's post earlier to this list.

-- 
The Doctor [412/724/301/703] [ZS|Media]
Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
FizerPharm: Trust. Profit. Deniability.

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
