[lxgr]

What "backdoor" would Let's Encrypt even implement? That's not how a CA works.

They might be compelled to issue a certificate to an unauthorized (by browser PKI policies, not local law) entity, but that would be very conspicuous due to Certificate Transparency.

[firefax]

I suspect any "backdoor" would be inserted at the protocol level. See https://web.archive.org/web/20130918135152/http://www.thegua...

[jcranmer]

How would they do that? The ACME protocol is "take the basic artifacts you use for certificate signing, wrap them in JSON (cryptographically, using standard JWS), then send them over using HTTP + TLS." Every part of that is something for which there exists a buttload of implementations in whatever language you care to use.

[gopher_space]

> How would they do that?

Let me introduce you to the phrase "I don't see a mechanism."

[firefax]

>Let me introduce you to the phrase "I don't see a mechanism."

I'm not familiar with this phrase, but I think I did a good job citing a comparable example in my original post.

[lonjil]

> Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with "brute force",

Things that definitely don't happen. Those same encryption standards are used by the US military, and the international cryptography community can pretty readily rule out keyed backdoors.

The thought that supercomputers could break Internet encryption by brute force is laughable. One would have to be innumerate to think such a thing.