[Discuss] root CA bloat
Richard Pieri
richard.pieri at gmail.com
Sun Nov 23 09:53:13 EST 2014
On 11/23/2014 3:26 AM, Bill Bogstad wrote:
> If they did something that Microsoft hadn't requested then I'm pretty
> sure somebody would both notice AND care. This is all in the context
> of attacking the security of Internet communications via a MITM
> attack. If Microsoft (one of the two parties communicating
> in this example) authorized it, then it isn't MITM. Whether it
Ahh. I see what you mean, now. Your argument, that because Microsoft
/did/ authorize MarkMonitor to act as an intermediary makes any
interception not MITM since it's not an unauthorized party listening in,
has merit. But then, the NSA is authorized by law to do the same thing.
Right now, almost the entirety of Internet communications is controlled
by a handful of corporate entities which have even more power than the
NSA to eavesdrop on communications.
The biggest concern that I have isn't that MarkMonitor and its
competitors will eavesdrop. It's that they'll receive national security
letters ordering them to shut everything down.
--
Rich P.
More information about the Discuss
mailing list