Wifebeating syndrome :) I was aware of the claim of MITMing, but nobody
offered proof and it sort of faded away under the cover of NDAs.
Just on that above: Back in 2005, 2006 or so when the Mozilla policy was
being written, allegations surfaced that two CAs were practicing MITMing
as a
ianG i...@iang.org writes:
PS; we need a better name than DPI MITM. For some reason I'm thinking of WITM.
Given that the whole reason for doing this silly-walk in the first place was to
protect us against MITMs, I wouldn't use WITM, I'd call it a WTFITM.
Peter.
On 2011-12-02 03:18, Adam Back wrote:
[Other aspects of Adam's post elided to be addressed in a different
context. My response here focuses exclusively on the very narrow
question of corporate MITM SSL proxies]
2. corporate LAN SSL MitM (at least the corporation has probably a contract
with all
Now we're getting somewhere. If this is going on even the policy
enforcement aspect of CAs is broken... CAs are subverting their own
certification practice statement. The actions taken by the user of the
sub-CA cert are probably illegal also in the US europe where there are
expectations of
Adam Back a...@cypherspace.org writes:
a public MitM proxy? Or a corporate LAN.
Private organisation.
That intermediate CA needs publishing, and the CA that issued it.
I was asked not to reveal details and I won't, but in any case I don't know
whether it would achieve much. For the case of
On Sat, Dec 03, 2011 at 01:00:14AM +1300, Peter Gutmann wrote:
I was asked not to reveal details and I won't,
Of course, I would do the same if so asked. But there are lots of people on
the list who have not obtained information indirectly, with confidentiality
assurances offered, and for
Adam Back a...@cypherspace.org writes:
[WAP wildcard certs]
That is bad. Are you saying there is anyone doing SSL mitm for stream
compression reasons? Who?
The use of wildcard certs in WAP gateways came up from the SSL Observatory
work... hmm, there's at least a mention of it in An Observatory
I wonder what that even means. *.com issued by a sub-CA? that private key
is a massive risk if so! I wonder if a *.com is even valid according to
browsers. Or * that would be funny.
Adam
On Sat, Dec 03, 2011 at 02:24:53AM +1300, Peter Gutmann wrote:
Adam Back a...@cypherspace.org writes:
Adam Back a...@cypherspace.org writes:
I wonder what that even means. *.com issued by a sub-CA? that private key
is a massive risk if so! I wonder if a *.com is even valid according to
browsers. Or * that would be funny.
No idea, but remember that it's not general-purpose browsers, it's
On 2/12/11 23:00 PM, Peter Gutmann wrote:
I guess if you're running into this sort of thing for the first time then
you'd be out for blood, but if you've been aware of this going on for more
than a decade then it's just business as usual for commercial PKI. I'm
completely unfazed by it, it's
On Fri, Dec 2, 2011 at 4:14 PM, ianG i...@iang.org wrote:
On 2/12/11 23:00 PM, Peter Gutmann wrote:
I guess if you're running into this sort of thing for the first time then
you'd be out for blood, but if you've been aware of this going on for
more
than a decade then it's just business as
Some random chiming in...
On 2011 Dec 2, at 5:00 , Adam Back wrote:
On Sat, Dec 03, 2011 at 01:00:14AM +1300, Peter Gutmann wrote:
I was asked not to reveal details and I won't,
Of course, I would do the same if so asked. But there are lots of people on
the list who have not obtained
On 3/12/11 03:36 AM, Ben Laurie wrote:
On Fri, Dec 2, 2011 at 4:14 PM, ianG i...@iang.org wrote:
On 2/12/11 23:00 PM, Peter Gutmann wrote:
I guess if you're running into this sort of thing for the first time then
you'd be out for blood, but if you've been aware of this going on for
more
On Fri, Dec 2, 2011 at 2:00 PM, ianG i...@iang.org wrote:
On 3/12/11 03:36 AM, Ben Laurie wrote:
On Fri, Dec 2, 2011 at 4:14 PM, ianG i...@iang.org wrote:
On 2/12/11 23:00 PM, Peter Gutmann wrote:
I guess if you're running into this sort of thing for the first time
then
you'd be out for
Whoever said security by obscurity doesn't work? Must have been
on something.
Obscurity works for the offense.
--dan
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography