Erik Christiansen <[email protected]> writes: > On 10.09.13 15:44, Trent W. Buck wrote: >> Turkish intelligence don't need to "crack" TLS; they just get Firefox to >> trust them by default, then do the normal MITM dance. I don't see why >> the NSA can't do that, too. > > Thanks, Trent, that link is eye-opening! > > My SSL fu isn't up to grokking how the cert would initially get onto > his machine. Is the extra one sneaked in when firefox is pointed at a > boobytrapped https page?
Erm, Firefox ignores the system certificate list and ships its own default list. AIUI, TUBITAK's key is in it, and trusted by default. _______________________________________________ luv-main mailing list [email protected] http://lists.luv.asn.au/listinfo/luv-main
