[Cryptography] Blue Coat has been issued a MITM encryption certificate

Stephen Farrell stephen.farrell at cs.tcd.ie
Thu Jun 9 14:58:40 EDT 2016

On 09/06/16 15:18, Rob Stradling wrote:
> On 29/05/16 13:55, Stephen Farrell wrote:
>> 1 - yay for certificate transparency - CAs behaving oddly being spotted
>>     and outed is good
> Yay for CT indeed, but FWIW it wasn't CT that detected this one.
> On 31/05/16 17:44, Peter Bowen wrote:
> <snip>
>> Mozilla is working on getting all CAs to add info on their issuing CAs
>> to their database; you can see the current status at
>> https://mozillacaprogram.secure.force.com/CA/PublicAllIntermediateCerts.
>> If there are checkboxes under both "CP/CPS Same As Parent" and "Audit
>> Same As Parent", then it is safe to assume that the issuing CA is just
>> a branded CA operated by the parent.
> The Bluecoat intermediate (https://crt.sh/?id=19538258) first came to
> light when Symantec disclosed it to Mozilla.
> I'm tracking intermediates that have been disclosed to Mozilla but not
> (yet) submitted to CT (see https://crt.sh/mozilla-disclosures).  When I
> saw the Bluecoat intermediate, I submitted it to some CT logs.

In that case, yay for CT and for Rob! Whether the transparency is
due to CT or something else isn't such a major deal so long as we
get the efects. But thanks for clarifying the record.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3840 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160609/d5b523a1/attachment.bin>

More information about the cryptography mailing list