Hacker News new | ask | show | jobs
by drivebyacct2 4759 days ago
They'd have to MITM SSL traffic largely.

Also, that's what they were doing for more traditional wiretaps and you should be sure that they have access to siphon off live traffic for analysis if they want.
1 comments
dllthomas 4759 days ago
"They'd have to MITM SSL traffic largely."

To be fair, if anyone can do this it's precisely these people.

... still not likely, though, I agree.

link
reedlaw 4759 days ago
Is that even possible if Google's SSL certs have Extended Validation? They'd have to have cooperation all the way down to the browser vendors and I can't see Mozilla caving that easily.
link
amatix 4759 days ago
There are several governments (Spain, France, Netherlands, Japan) who publicly have Root CAs in the trusted browser list[1]. It seems pretty likely (cf say, Prism) that the NSA has a CA cert where they can generate whatever certificates they want in order to MITM browser SSL communications...

[1] http://www.mozilla.org/projects/security/certs/

link
reedlaw 4759 days ago
Can we remove Root CAs from our browser?

Edit: Found the answer: https://wiki.mozilla.org/CA:UserCertDB

link
dllthomas 4759 days ago
I was referring to cryptographic attacks. Unlikely that they have such, but if anyone does, it's pretty likely to be them.
link