On Jan 2, 2013 7:36 PM, "William Herrin" <b...@herrin.us> wrote: >
> > > > Me, no, although I have read credible reports that otherwise reputable SSL > > signers have issued MITM certs to governments for their filtering firewalls. > That's not the case join is referring to. > The governments in question are watching for exfiltration and they No, not really. Some are busy tracking "dissidents" among their populations. > largely use a less risky approach: they issue their own root key and, > in most cases, install it in the government employees' browser before > handing them the machine. > Not just for employees. > A "reputable" SSL signer would have to get outed just once issuing a > government a resigning cert and they'd be kicked out of all the > browsers. They'd be awfully easy to catch. > Oh! You mean like cyber trust and etilisat? Right... That's working just perfectly... > Regards, > Bill Herrin > > > -- > William D. Herrin ................ her...@dirtside.com b...@herrin.us > 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> > Falls Church, VA 22042-3004 >
