[Wikimedia-l] PRISM

Svavar Kjarrval svavar at kjarrval.is
Mon Jun 10 17:45:58 UTC 2013


On 10/06/13 14:12, Tobias wrote:
> No one will bother trying to break SSL/TLS. The NSA certainly doesn't
> need to. They can just sign their own certificates and perform
> man-in-the-middle attacks. Browsers will in most cases accept those
> forged certificates, since the NSA can make sure that they are signed by
> a CA trusted by many browsers.
With all the computing power they do have and will have they could, in
theory, try to break the CA certificates themselves. They can collect
and store the encrypted traffic and then at any time decrypt said
traffic when they're done breaking the CA certificate used to encrypt
it. It could be worth it for them in case of the big CAs.

For all we know, the big CAs could have received secret court orders
where they are required to hand over the certificates themselves,
forgoing the aforementioned step.

This uncertainty due to this kind of secrecy isn't good for the mind.

- Svavar Kjarrval
