[Wikimedia-l] PRISM
Tobias
church.of.emacs.ml at googlemail.com
Mon Jun 10 14:12:00 UTC 2013
On 06/10/2013 03:30 PM, Fred Bauder wrote:
>> Encrypted, if you're using https everywhere (and Wikipedia hasn't
> intentionally or unintentionally compromised their certificate).
>>
>
> But simple encryption that NSA can break at will.
No one will bother trying to break SSL/TLS. The NSA certainly doesn't
need to. They can just sign their own certificates and perform
man-in-the-middle attacks. Browsers will in most cases accept those
forged certificates, since the NSA can make sure that they are signed by
a CA trusted by many browsers.
A bit off-topic, but this talk explains everything wrong with the
certificate system: https://www.youtube.com/watch?v=Z7Wl2FW2TcA
-- Tobias
More information about the Wikimedia-l
mailing list