Le lundi 28 janvier 2019 à 13:08 -0800, goldsm...@riseup.net a écrit : > To Alexandre Belgrand > > I'm intrigued how you know can catagorically state "CAs and GNU/Linux > distributions are #1 targets for national > intelligence agencies". This is classified information and therefore > only available to a "Spook". Otherwise, it's entered the public > domain > via say a whistle blower like Ed Snowden. If that's how you came upon > it, please state the source and location.
I am not a whistle blower, but I believe that all CAs and GNU/Linux distributions are primary targets for Intelligence agencies. This is not secret, this is why I am writing it, sitting behind my real IP. You will find this information on Internet. Look for the recent problems with China for example. Stealing root certificates allow Intelligence agencies to set-up mirage Internet : i.e. decrypt SSL/crypted content and present modified content to the user and make man-in-the-middle attack. Think about Debian private keys. The keys are stored on a server in a datacenter, not even on smartcards. What can stop a remote attacker with a remote console (either directly or using Intel ME) from stealing the keys and then breaking password using a keylogger in Intel ME. Answer : nothing can stop a local government from doing so. Think about SSL X509 certificates. To deliver encrypted content, the private key has to be on the server. You only need serial console access to steal the private key. The only solution is to compile the same bytecode and verifying hashes online, but Debian is lagging behind important patches, because they don't understand what already happened. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7855e6cc67bad1e8aca6e6837426a63869e5289c.camel%40mailbox.org. For more options, visit https://groups.google.com/d/optout.