➢ then maybe it's not such a "silly accusation" to think that root CAs are routinely distributed to multinational secret ➢ services to perform MITM session decryption on any form of communication that derives its security from the CA PKI.
How would this work, in practice? How would knowing a CA's private key give them knowledge of my key? Or if they issued a fake certificate and keypair, how does that help? They'd also have to suborn DNS and IP traffic such that it would, perhaps eventually or perhaps quickly, become obvious. What am I missing? /r$ -- Principal Security Engineer Akamai Technology Cambridge, MA _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography