[cryptography] Another data point on SSL "trusted" root CA reliability (S Korea)

James A. Donald jamesd at echeque.com
Sat Sep 17 23:01:59 EDT 2011


On 2011-09-18 12:03 PM, Arshad Noor wrote:
> Why is it the most plausible assumption? Isn't it far easier to
> replace the cryptographic libraries on PCs with one that has a
> "wrapper" that copies all payloads before encryption and after
> decryption, and transmits the payload to the snooper?

That is a black bag job.  State security would have to sneak in, sneak 
out.  Might get jumped, beaten up, attacked by dogs.  Government 
employees are important people who do not expose themselves to such 
lowly hazards.




More information about the cryptography mailing list