SSL MITM attack vs wiretap laws question

2007-05-05 Thread Alex Alten
I have a question about the legality of doing a successful MITM attack against SSL (server-side authentication only). This is mainly a USA only question. Although Europe and Japan is of interest too. This is not a CALEA or ETSI type of situation. If the SSL connection is traversing an

Re: phone encryption technology becoming popular in Italy

2007-05-05 Thread Hagai Bar-El
Hello, On 02/05/07 20:12, Dave Korn wrote: Interesting, but of course they're still a good way from 100% secure. It's really great that they issue the source, but unless they also issue the toolchain, and the source to the toolchain, so that anyone who wants can recompile and reflash their

Re: Was a mistake made in the design of AACS?

2007-05-05 Thread Steve Schear
At 07:50 AM 5/4/2007, Nicolas Williams wrote: On Thu, May 03, 2007 at 10:25:34AM -0700, Steve Schear wrote: At 03:52 PM 5/2/2007, Ian G wrote: This seems to assume that when a crack is announced, all revenue stops. This would appear to be false. When cracks are announced in such systems,

Re: Was a mistake made in the design of AACS?

2007-05-05 Thread Hal Finney
Allen [EMAIL PROTECTED] writes: I know I'm in over my head on this so my apologies, but if the key is used in one machine in a product line - Sony DVD players say - then if they find the one machine that it came from and disable it, wouldn't figuring out the key for the next machine in

Re: Yet a deeper crack in the AACS

2007-05-05 Thread Hal Finney
Article AACS cracks cannot be revoked, says hacker Excerpt: The latest attack vector bypasses the encryption performed by the Device Keys -- the same keys that were revoked by the WinDVD update --