Karl's Blog

The End of SSL as We Know It


It was recently announced that Symantec had given an intermediate Cert to Blue Coat Network which provides network security devices for many agencies including the United States government including the military.

What is an intermediate cert and what can it be used for? An intermediate cert is generated from a certificate authority's top level cert and allows the holder to generate their own SSL certs for any domain which by default will be trusted over the internet as legitimate. So an example scenario could be that when you visit a site with SSL (https) and the browser does not report security errors, the user trust that they are at the verified site and that the traffic to and from that website can not be spied on whether it be financial or just browsing traffic.