On Jan 20, 2012, at 10:05 AM, Vesna Manojlovic wrote: > 'morning > > On Thu, 19 Jan 2012, Paul Hoffman wrote: >> Which attacks are we interested in? >> >> a) Attackers can get a trusted PKIX certificate due to errors on the >> part of some CAs that are trusted by web browsers. > > I would like to add: > > d) Atacker can get a trusted PKIX certificate due to a legislation / law > that enables them to order some CAs to hand out that PKIX certificate > > In light of SOPA/PIPA, ACTA, and Iranian (etc) government.
You don't need any special legislation. If the FBI/DHS contacts an American CA, tells them they're following some terrorists who are planning some big attack in the US, and need a certificate in order to listen in on their communications, most people would help their government. Even without the coercion of law enforcement. _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
