On 06/10/2013 03:30 PM, Fred Bauder wrote:
you're using https everywhere (and Wikipedia hasn't
unintentionally compromised their certificate).
But simple encryption that NSA can break at will.
No one will bother trying to break SSL/TLS. The NSA certainly doesn't
need to. They can just sign their own certificates and perform
man-in-the-middle attacks. Browsers will in most cases accept those
forged certificates, since the NSA can make sure that they are signed by
a CA trusted by many browsers.
A bit off-topic, but this talk explains everything wrong with the
certificate system: https://www.youtube.com/watch?v=Z7Wl2FW2TcA