➢  then maybe it's not such a "silly accusation" to think that root CAs are 
routinely distributed to multinational secret
➢  services to perform MITM session decryption on any form of communication 
that derives its security from the CA PKI.

How would this work, in practice?  How would knowing a CA's private key give 
them knowledge of my key?  Or if they issued a fake certificate and keypair, 
how does that help?  They'd also have to suborn DNS and IP traffic such that it 
would, perhaps eventually or perhaps quickly, become obvious.

What am I missing?

        /r$
--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Reply via email to