[cryptography] Another data point on SSL "trusted" root CA reliability (S Korea)

Arshad Noor arshad.noor at strongauth.com
Sat Sep 17 23:18:22 EDT 2011


On 09/17/2011 08:01 PM, James A. Donald wrote:
> On 2011-09-18 12:03 PM, Arshad Noor wrote:
>> Why is it the most plausible assumption? Isn't it far easier to
>> replace the cryptographic libraries on PCs with one that has a
>> "wrapper" that copies all payloads before encryption and after
>> decryption, and transmits the payload to the snooper?
>
> That is a black bag job. State security would have to sneak in, sneak
> out. Might get jumped, beaten up, attacked by dogs. Government employees
> are important people who do not expose themselves to such lowly hazards.
>

Why do we assume that government spies will go to such lengths to get
at an individual's data, when a downloaded root-kit on the target PC
suffices?

Arshad Noor
StrongAuth, Inc.



More information about the cryptography mailing list