➢ then maybe it's not such a silly accusation to think that root CAs are
➢ routinely distributed to multinational secret services to perform MITM
➢ session decryption on any form of communication that derives its security
➢ from the CA PKI.
How would this work, in practice? How would knowing a
* NSA employees participated throughout, and occupied leadership roles
in the committee and among the editors of the documents
Slam dunk. If the NSA had wanted it, they would have designed it themselves.
The only
conclusion for their presence that is rational is to sabotage it [3].
Yesterday, Apple made the bold, unaudited claim that it will never save the
fingerprint data outside of the A7 chip.
Why should we trust Cook Co.?
I'm not sure it matters. If I want your fingerprint, I'll lift it off your
phone.
--
Principal Security Engineer
Akamai Technology
I know I would be a lot more comfortable with a way to check the mail against
a piece of paper I received directly from my bank.
I would say this puts you in the sub 1% of the populace. Most people want to
do things online because it is much easier and gets rid of paper. Those are
the
Bill said he wanted a piece of paper that could help verify his bank's
certificate. I claimed he's in the extreme minority who would do that and he
asked for proof.
I can only, vaguely, recall that one of the East Coast big banks (or perhaps
the only one that is left) at one point had a
Last week, the American TV show Elementary (a TV who-done-it) was about the
murder of two mathematicians who were working on proof of P=NP. The
implications to crypto, and being able to crack into servers was covered. It
was mostly accurate, up until the deus ex machina of the NSA hiding
TLS was designed to support multiple ciphersuites. Unfortunately this opened
the door
to downgrade attacks, and transitioning to protocol versions that wouldn't do
this was nontrivial.
The ciphersuites included all shared certain misfeatures, leading to the
current situation.
On the
The simple(-minded) idea is that everybody receives everybody's email, but
can only read their own. Since everybody gets everything, the metadata is
uninteresting and traffic analysis is largely fruitless.
Some traffic analysis is still possible based on just message originator. If I
see