➢ then maybe it's not such a "silly accusation" to think that root CAs are
routinely distributed to multinational secret
➢ services to perform MITM session decryption on any form of communication
that derives its security from the CA PKI.
How would this work, in practice? How would knowing a CA's private key give
them knowledge of my key? Or if they issued a fake certificate and keypair,
how does that help? They'd also have to suborn DNS and IP traffic such that it
would, perhaps eventually or perhaps quickly, become obvious.
What am I missing?
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
_______________________________________________
The cryptography mailing list
[email protected]
http://www.metzdowd.com/mailman/listinfo/cryptography
