D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] OT surveillance

 

On Wed, Jun 26, 2013 at 5:01 PM, bad apple wrote:
> 2: SSL is a red herring - the relevant agencies already have all CA keys
> through escrow or can force disclosure at will.

Could you expand on this? For I believe that with the CA signing keys,
which I assume the agencies to have access to, and with the ability to
route traffic to your servers, which I assume the agencies to be able
to do, you can make the vast majority of people believe that they are
connecting to the real service.

But some people will notice. And make a fuss.

Mind you, they don't need to issue fake certificates if they are able
to force these providers to install backdoors.

Martijn.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq