Quoting Trent W. Buck ([email protected]): > Turkish intelligence don't need to "crack" TLS; they just get Firefox to > trust them by default, then do the normal MITM dance. I don't see why > the NSA can't do that, too. > > http://www.cl.cam.ac.uk/~rja14/Papers/sefa-pr11.pdf (p2)
As Schneier often points out, NSA (like GCHQ, DSD, and others) don't attack strong crypto directly any time they have an option to cheat. ;-> (My own preference is to move away from relying on CA attestations as much as possible.) _______________________________________________ luv-main mailing list [email protected] http://lists.luv.asn.au/listinfo/luv-main
