Karsten N.: > On 05.07.2013 08:41, Katya Titov wrote: >> You can't really trust the CAs, at least not from state-level >> attackers. > > See: "Certified Lies - Detecting and Defeating Government Interception > Attacks against SSL" ( C. Soghoian and S. Stamm, EFF.org, 2010) > > https://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl
Thanks Karsten, Nice summary of the issues and collection of evidence showing that it does happen. Just reinforces: "just because you're paranoid doesn't mean they aren't after you." -- kat _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
