[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Wed, Jun 26, 2013 at 9:07 PM, bad apple wrote: > Worth a read, certainly. Also reinforces my contention that if the > spooks have the server signing keys (which they do) SSL is useless. Interesting read, thanks. And yes, obtaining the server signing keys is all the spooks need. But that's practically impossible without some kind of backdoor when the server supports forward secrecy. That's what I referred to when I said "the encryption Google uses generates a unique server-side key for each session". Google supports ECDHE for its SSL sessions. I learned that in this post: http://blog.cloudflare.com/cloudflare-prism-secure-ciphers which looks at the possibilities for PRISM to merely crack SSL. Martijn. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq