Hi, as we all know from the NSA disclosures of Edward Snowden, the NSA is collecting data and has access to any data that is available in the USA. We've also learned that companies which are located on USA soil must hand over to the NSA and other governmental institutions any requested data available.
This raises the question of whether the root certificates of CAs that are located on USA soil are still trustworthy, or whether the private keys of those certificates have been handed over to the NSA and allow the NSA to generate VALID certificates for any situation and in any form necessary. I'm talking about MITM attacks and redirects to web servers that do not belong to the domain that the certificate shown was issued for and which are manipulated to install spyware and stuff. There are tons of other possibilities imaginable…

So are they still trustworthy?

KR,
Oliver

_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy

