[clug] SSL Man-in-the-Middle attack - by "Law Enforcement"?

Arjen Lentz arjen at lentz.com.au
Wed Mar 24 20:47:24 MDT 2010

Hi Steve

----- "steve jenkin" <sjenkin at canb.auug.org.au> wrote:
> Comments?
> <http://www.crypto.com/blog/spycerts/>

Not being naive, we can say "bound to happen", "predictable" - but it's very annoying.

What SSL cert authorities actually sell is "trust by proxy".
That is, I purchase an SSL cert from them so that my clients can trust me.

I'd prefer a system that does not rely on intrinsic trust in anybody - but we don't have that.
So now we have a problem, whereby I get pay regular or premium rates for an SSL cert of whatever nice fancy-stamp-for-client level, to potentially get screwed over anyhow.
All this in a mix of "(national?) security" justification and unsmart commercial enterprisy-ness.

That makes me very unhappy.
No trust from anyone to anyone, and I still have to pay for it. That's just grand.

Arjen Lentz, Exec.Director @ Open Query (http://openquery.com)
Exceptional Services for MySQL at a fixed budget.

Follow our blog at http://openquery.com/blog/
OurDelta: packages for MySQL and MariaDB @ http://ourdelta.org

More information about the linux mailing list