Hacker News new | ask | show | jobs
by reedlaw 4759 days ago
Is that even possible if Google's SSL certs have Extended Validation? They'd have to have cooperation all the way down to the browser vendors and I can't see Mozilla caving that easily.
2 comments
amatix 4759 days ago
There are several governments (Spain, France, Netherlands, Japan) who publicly have Root CAs in the trusted browser list[1]. It seems pretty likely (cf say, Prism) that the NSA has a CA cert where they can generate whatever certificates they want in order to MITM browser SSL communications...

[1] http://www.mozilla.org/projects/security/certs/

link
reedlaw 4759 days ago
Can we remove Root CAs from our browser?

Edit: Found the answer: https://wiki.mozilla.org/CA:UserCertDB

link
dllthomas 4759 days ago
I was referring to cryptographic attacks. Unlikely that they have such, but if anyone does, it's pretty likely to be them.
link