On Wed, Jul 31, 2013 at 9:28 PM, Anthony <[email protected]> wrote:

> On Wed, Jul 31, 2013 at 5:59 PM, George Herbert <[email protected]> wrote:
>
> > The second is site key security (ensuring the NSA never gets your private
> > keys).
>
> Who theoretically has access to the private keys (and/or the signing key)
> right now?

People who have root at Wikimedia, which is Wikimedia's operations team and a few of the developers.

> > The third is perfect forward security with rapid key rotation.
>
> Does rapid key rotation in any way make a MITM attack less detectable?
> Presumably the NSA would have no problem getting a fraudulent certificate
> signed by DigiCert.

SSL Observatory would likely pick that up if it was done in any large scale. It's less detectable when done in a targeted way, but if that's the case, the person being targeted is already pretty screwed and we wouldn't likely be the site targeted.

- Ryan

_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
