by dllthomas 4759 days ago
"They'd have to MITM SSL traffic largely."

To be fair, if anyone can do this it's precisely these people.

... still not likely, though, I agree.


Is that even possible if Google's SSL certs have Extended Validation? They'd have to have cooperation all the way down to the browser vendors and I can't see Mozilla caving that easily.

There are several governments (Spain, France, Netherlands, Japan) who publicly have Root CAs in the trusted browser list[1]. It seems pretty likely (cf say, Prism) that the NSA has a CA cert where they can generate whatever certificates they want in order to MITM browser SSL communications...

[1] http://www.mozilla.org/projects/security/certs/

Can we remove Root CAs from our browser?

Edit: Found the answer: https://wiki.mozilla.org/CA:UserCertDB

I was referring to cryptographic attacks. Unlikely that they have such, but if anyone does, it's pretty likely to be them.