[tor-bugs] #19192 [Applications/Tor Browser]: untrust bluecoat CA
    Tor Bug Tracker & Wiki
    blackhole at torproject.org
    Sat May 28 20:08:38 UTC 2016

#19192: untrust bluecoat CA
--------------------------------------+--------------------------
 Reporter:  mrphs                     |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Very High                 |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Major                     |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------
Comment (by yawning):
 {{{
 Changing severity to reflect the impact that having BlueCoat as a trusted
 intermediary would have on end-users. It would not surprise me if
 BlueCoat's move were a way to quietly support one of the many countries
 experimenting with national SSL/TLS certificates. It's an excellent way to
 silently mitm, I'll give them that much.
 }}}
 If this was part of some evil plan, wouldn't they have gotten an
 intermediate CA that can create more CAs (the pathlen in their cert is `0`
 so it can only sign leafs)?  What are they gonna do, distribute the CA
 private key in every single one of their shit boxes?  `*.google.com` MITM
 certs as a service?  What?
 We've so far avoided getting into the "which CAs are evil" game,
 despite people complaining (for good reason), about CAs being run by
 actual nation states...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19192#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
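
The pathlen point in the comment above, as an added example that is not part of the ticket or of Tor Browser's code: a sketch of the RFC 5280 path-length bookkeeping a validator performs, run over modelled certificates rather than parsed DER. All certificate names are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class Cert:
    """Only the fields the path-length check needs (modelled, not parsed DER)."""
    subject: str
    issuer: str
    is_ca: bool = False              # basicConstraints cA
    path_len: Optional[int] = None   # pathLenConstraint; None means absent


def check_path_length(path: Sequence[Cert]) -> Tuple[bool, str]:
    """path runs from the cert issued by the trust anchor down to the leaf."""
    if not path:
        return False, "empty path"
    max_path_length = len(path)      # initial value per RFC 5280 section 6.1.2
    for issuer_cert, child in zip(path, path[1:]):
        if child.issuer != issuer_cert.subject:
            return False, f"{child.subject}: issuer name does not chain"
        if not issuer_cert.is_ca:
            return False, f"{issuer_cert.subject}: signs certificates but cA is false"
        if issuer_cert.subject != issuer_cert.issuer:   # self-issued certs are not counted
            if max_path_length <= 0:
                return False, f"{issuer_cert.subject}: exceeds pathLenConstraint"
            max_path_length -= 1
        # A tighter constraint in this CA cert lowers the budget for everything below it.
        if issuer_cert.path_len is not None and issuer_cert.path_len < max_path_length:
            max_path_length = issuer_cert.path_len
    return True, "ok"


# Constructed sample data: an intermediate with pathLenConstraint 0.
INTERMEDIATE = Cert("Example Intermediate CA", "Example Root CA", is_ca=True, path_len=0)
LEAF = Cert("www.example.test", "Example Intermediate CA")
SUB_CA = Cert("Example Sub-CA", "Example Intermediate CA", is_ca=True)
LEAF_VIA_SUB_CA = Cert("www.example.test", "Example Sub-CA")

if __name__ == "__main__":
    # Leaf signed directly by the pathlen-0 intermediate: accepted.
    print(check_path_length([INTERMEDIATE, LEAF]))
    # A further CA below the pathlen-0 intermediate: rejected.
    print(check_path_length([INTERMEDIATE, SUB_CA, LEAF_VIA_SUB_CA]))
```
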