[cryptography] Gmail and SSL
drwho at virtadpt.net
Mon Dec 17 11:25:52 EST 2012
On 12/17/2012 11:18 AM, Andy Steingruebl wrote:
> Do you have proof of that or just speculation?
CAs have been compromised. A few: Comodo. Diginotar. KPN.
If a lone attacker can crack a CA and cut arbitrary certs, a
state-sponsored actor could as well.
As for buying MITM certs for DLP:
Can a CA that's done this in the past be trusted not to do it again in
the future? I don't think so. If one does it, that gives the idea to
others, and they might not get caught. There is a lot of money that
could be made selling them as well as a market for them (the same
market for DLP hardware). See also, Jeff Walton's post earlier to
The Doctor [412/724/301/703] [ZS|Media]
Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
FizerPharm: Trust. Profit. Deniability.