[enko]

Sorry. I am evidently not explaining myself well.

I am saying that people seem to be putting a lot of trust into HTTPS to shield them from NSA monitoring. If I was the NSA, and could just tap whatever I wanted, I'd obviously set up my tap on the other side of the encrypted tunnel.

And let's not exaggerate. Only a very few organisations would have any ability to read your data even if sent unencrypted, barring of course wifi. It's simply not true that "any/everyone" can see your data if you're on a private LAN at home.

That being said, of course I prefer HTTPS. I just have no illusions that it's going to stop someone who can just waltz into the DC holding an NSL. There's no security from someone with physical access to the network.

[s_q_b]

I think NSA is cognizant of the fact that they could lose the FISA authorization to collect from endpoints at the internet services sometime soon, while they're more likely to retain access to the backbones.

It's bass ackward, since access to the trunk lines lets you read everything. However, most people don't understand what internet backbones are. They do know what PRISM, Facebook, Yahoo, and Google are.

As such, I can see HTTPS providing some limited security from dragnet surveillance, but it certainly wouldn't help if you caught their attention. Remember, NSA can straight up break weak encryption, and SSL/TLS is probably in that category.

[voltagex_]

I think the ability to break SSL would be a major trump card that wouldn't be shown that easily - can you cite any sources?

[s_q_b]

First, FBI cracked 512-bit disk encryption in a recent case, seemingly with NSA help, so it seems they've got some pretty powerful brute forcing capabilities. SSL is generally only 256-bit. http://www.fiercecio.com/techwatch/story/fbi-cracks-encrypte...

Second, since some sites don't use Diffie Hellman key exchange (which provides for perfect forward secrecy), they don't even need to work that hard. They can just grab the keys in transit.

Third, with a MITM attack, you can just drop in a box that makes SSL connections on both ends transparently. Therefore neither endpoint knows the encryption is being routed through a third malicious point. See e.g. http://www.zdnet.com/how-the-nsa-and-your-boss-can-intercept...

None of this proves definitively that the NSA can do this, but it does mean that if you have something to hide you'd be foolish to rely purely upon SSL.

[enko]

Some very doubtful assertions here.

> FBI cracked 512-bit disk encryption in a recent case

Very hard to believe that they brute-forced 512-bit AES. More likely they guessed, or otherwise located, the key, or found some implementation flaw in the software/device.

> don't even need to work that hard. They can just grab the keys in transit.

If and only if they have the private key. Which, I concede, they may well be able to get.

> Third, with a MITM attack, you can just drop in a box that makes SSL connections on both ends transparently

No you can not, not without installing a cert on every single user's machine. This would have been noticed if it was going on.

I admit that now I think about it, putting taps on DC data connections and simply requiring sites or the DC to provide any and all private keys would be substantially less invasive/visible than actually putting taps into the building, and with basically the same effectiveness (except for the PFS thing).

[kronusaturn]

RC4 is still a very widely used cipher, and its security is pretty questionable. See, for instance, http://www.isg.rhul.ac.uk/tls/

[enko]

s_q_b, you are hellbanned. I can't reply directly.

I don't really believe the NSA can effortlessly break TLS at will. That just seems too far fetched. What kind of alien supertechnology do people suppose they have?

I prefer Occam's razor. If the NSA are interested in XYZ.com, they'll just go to XYZ.com's DC and put a damn traffic splitter on their network. There wouldn't be too many XYZ.coms before they covered a huge majority of the kind of traffic they're interested in.

Sure, they'll do the backbone listening as well, just because they can, but most of the time I don't see why they'd bother. Sure they could lose the authorisation. An asteroid could hit the earth. In the meantime...

edit: s_q_b's hellban seems even less justified than usual.

edit 2: nice work removing the hellban, mysterious admin person. Was not justified.