Erik Christiansen writes: > Given the media reports of the NSA using several supercomputers to > crack SSL traffic (with some degree of success apparently) it may be > that they don't have anything but brute force and possibly a few > cryptology tricks, so far. (Depending on how much credence is to be > given to anything heard in the media.)
Turkish intelligence don't need to "crack" TLS; they just get Firefox to trust them by default, then do the normal MITM dance. I don't see why the NSA can't do that, too. http://www.cl.cam.ac.uk/~rja14/Papers/sefa-pr11.pdf (p2) | At the authentication workshop following FC2011 I asked a panelist | from the Mozilla Foundation why, when I updated Firefox the previous | day, it had put back a certificate I’d previously deleted, from an | organisation associated with the Turkish military and intelligence | services. _______________________________________________ luv-main mailing list [email protected] http://lists.luv.asn.au/listinfo/luv-main
