On 2011-09-18 3:37 PM, Marsh Ray wrote:
Now you may be a law-and-order type fellow who believes that "lawful intercept" is a magnificent tool in the glorious war on whatever. But if so, you have to realize that on the global internet, your own systems are just as vulnerable to a "lawfully executed" court order gleefully issued by your adversary (as if they'd even bother with the paperwork).
Doubtless verisign will issue whatever certificates the CIA needs to intercept Al Quaeda communications, if they were silly enough to use https to secure their communications. Unfortunately, chances are that PakExperts will issue whatever certificates Al Quaeda needs to intercept CIA communications, if they were silly enough to use https to secure their communications.
Even within a single country, things can get tense. I am pretty sure that the Pentagon and the State Department would have no difficulty, and no hesitation, in getting certificates to spy on each other.
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography