by skuhn 4131 days ago
I agree, this is not really breaking news. The reality is that any company that wants to operate within the confines of the law can be compelled to work against its purported customers -- no one wants to go to jail because of your website.

One nit to pick: obtaining Verisign's root CA key isn't enough to decrypt traffic over the wire. That would just allow Uncle Sam to issue fake certs that appear to be from Verisign. I think that savvy users might still notice that their cert looks different now (fingerprint, expiration, other details), and put the pieces together. Maybe you use a CA whose root key hasn't been obtained yet. I highly doubt the NSA or whoever would let a fake but validly signed cert into the wild where it can be captured and used to prove their capabilities once and for all.

They might use such a cert in a controlled environment where they are going to seize the target's system in a few minutes, I suppose. Instead, what they really need is either a way to break 2048-bit RSA (not inconceivable) or a way to get your real cert's private key.

To your point about trust and CAs: I don't think it's truly a matter of trust. Verisign, GlobalSign, Digicert, Entrust, et al. are all businesses. They are not inherently untrustworthy (nor trustworthy); they do what they must to be profitable and stay in business. It turns out that end user trust is substantially less important to that equation than remaining in compliance with the government of their host country.

I don't know how you solve that problem. The best thing about the early Internet was that, while heavily US-centric, it was often able to fly under the radar of government oversight and, to an extent, the rule of unpleasant laws. That's no longer possible. The Internet is a source of power and money, and now it has to contend with the oversight and regulation of thousands of governments doing what they do.

1 comments

There isn't any way to solve it. People's fears about the PKI boil down to "if I trust anyone else at all, they might betray me". And yet using encryption without trusting other people is impossible. You aren't going to build your own computer from scratch, for example.

I think our industry needs to collectively move beyond "zomg CAs are pwned by governments". It's just unhelpful. Firstly, there's no evidence it's true. A bogus cert would be strong evidence, documents from the Snowden archive talking about compromising CAs would be evidence ... so far we have zilch.

But even if one day it does happen - what next? You end up down the "what if my CPU is backdoored" rabbit hole. Ultimately you have to ignore adversaries that have unlimited power and focus on the ones that do have limits. There's no other way to stay sane.

I agree with you, from a day-to-day standpoint there really is nothing to be done and little point in worrying about it. The only solution is to stop using technology, and that proposition isn't very attractive.

While the ideal solution is technical -- no one can see or interfere with your stuff without your permission -- it isn't practical. Solving the problem with laws and societal pressure is more realistic, although still verging on impossible.