On Jan 2, 2013 7:36 PM, "William Herrin" <bill@herrin.us> wrote:
Me, no, although I have read credible reports that otherwise reputable
SSL
signers have issued MITM certs to governments for their filtering firewalls.
That's not the case join is referring to.
The governments in question are watching for exfiltration and they
No, not really. Some are busy tracking "dissidents" among their populations.
largely use a less risky approach: they issue their own root key and, in most cases, install it in the government employees' browser before handing them the machine.
Not just for employees.
A "reputable" SSL signer would have to get outed just once issuing a government a resigning cert and they'd be kicked out of all the browsers. They'd be awfully easy to catch.
Oh! You mean like cyber trust and etilisat? Right... That's working just perfectly...
Regards, Bill Herrin
-- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004