Kent Borg wrote:
> That doesn't give them session keys for communications.
If the NSA can get copies of the public root certificates then they can either get the site/server certs from the CAs or forge their own. Either way, a compromised root certificate is the key to the entire chain of trust.
Self-signed certificates can't be compromised this way because there is no root CA involved. On the other hand, the quantity of traffic encrypted with self-signed certificates is quite small compared to the traffic encrypted with public CA certificates. Most of these use AES as one of the preferred ciphers. AES, a cipher approved by the NSA for commercial use. There is no doubt in my mind that the NSA can break AES in substantially less than polynomial time.
-- Rich P.

_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
