I wrote:
Ohta-san is using the term MiTM in an unusual way.
Wrong. See, for example,
https://www.eff.org/deeplinks/2011/09/post-mortem-iranian-diginotar-attack
More facts have recently come to light about the compromise
of the DigiNotar Certificate Authority, which appears to have
enabled Iranian hackers to launch successful man-in-the-middle
attacks against hundreds of thousands of Internet users inside
and outside of Iran.
Sorry, this is not a good reference because it mentions MitM attack
on ISP chain is enabled by diginotar.
A proper reference is:
https://www.thesslstore.com/knowledgebase/ssl-support/explaining-the-chain-of-trust/
Intermediate Certificate – Intermediate certificates branch
off of root certificates like branches off of trees. They
act as middle-men between the protected root certificates
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
and the server certificates issued out to the public.
^^^^^^^^^^^^^^^^^^^^^^^^^^^
Masataka Ohta
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
