[Cryptography] Blue Coat has been issued a MITM encryption certificate
Phillip Hallam-Baker
phill at hallambaker.com
Tue May 31 10:34:07 EDT 2016
On Sun, May 29, 2016 at 8:55 AM, Stephen Farrell <stephen.farrell at cs.tcd.ie>
wrote:
>
>
> On 29/05/16 02:35, Henry Baker wrote:
> > FYI --
> >
> > http://www.theregister.co.uk/2016/05/27/blue_coat_ca_certs/
> >
> > A Controversial Surveillance Firm Was Granted a Powerful Encryption Certificate
> > Written by Joseph Cox, Contributor
>
> Yeah, two things strike me:
>
> 1 - yay for certificate transparency - CAs behaving oddly being spotted
> and outed is good
>
> 2 - what kind of "testing" would require symantec to issue a CA
> cert with path-len 0 and for symantec to hold the private key? I
> can't figure anything that makes sense unless symantec were thinking
> of actively helping blue coat spoof web sites better, maybe at
> run-time, or on a case-by-case basis - or am I missing something?
>
> Cheers,
> S.
For the benefit of us who can't remember, what is the effect of path-len 0?
As in, what is the effect on systems out there in the wild as opposed to
what does the spec say. Is there a difference and if so for what systems?
Does 0 = infinity? Probably not in the spec but what about elsewhere?
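
An added illustration, not part of the original message: the path-length rule from RFC 5280 (section 6.1.4, steps k to m) modelled over constructed certificate records. The `Cert` class, the function name and the certificate names are hypothetical, and the code shows only what the specification says, not how any deployed validator behaves.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Cert:
    """Constructed stand-in for the basicConstraints fields of a certificate."""
    name: str
    is_ca: bool = False
    path_len: Optional[int] = None  # None = pathLenConstraint absent (no limit)
    self_issued: bool = False       # issuer name == subject name


def check_path_length(path: List[Cert]) -> Optional[str]:
    """Apply the RFC 5280 path-length rule to a candidate chain.

    `path` holds the certificates below the trust anchor, end-entity last.
    Returns None if the chain passes, else the name of the failing cert.
    """
    max_path_length = len(path)          # initial value: n
    for cert in path[:-1]:               # every cert except the last one
        if not cert.is_ca:               # (k) an issuer must be a CA
            return cert.name
        if not cert.self_issued:         # (l) each non-self-issued CA uses a slot
            if max_path_length <= 0:
                return cert.name
            max_path_length -= 1
        if cert.path_len is not None and cert.path_len < max_path_length:
            max_path_length = cert.path_len   # (m) tighten to the constraint
    return None


if __name__ == "__main__":
    # Constructed chains; names are illustrative only.
    test_ca = Cert("test-ca", is_ca=True, path_len=0)
    chains = {
        "pathLen 0 -> leaf": [test_ca, Cert("leaf")],
        "pathLen 0 -> sub-ca -> leaf":
            [test_ca, Cert("sub-ca", is_ca=True), Cert("leaf")],
        "no pathLen -> sub-ca -> leaf":
            [Cert("open-ca", is_ca=True), Cert("sub-ca", is_ca=True), Cert("leaf")],
    }
    for label, chain in chains.items():
        failed = check_path_length(chain)
        print(f"{label}: {'ok' if failed is None else 'rejected at ' + failed}")
```

Under this rule a CA certificate with path length 0 can sign end-entity certificates but no further CA certificates below it; an absent constraint, not 0, is the unlimited case.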