Gov't, certificate authorities conspire to spy on SSL users?

Discussion in 'privacy general' started by lotuseclat79, Mar 31, 2010.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,089
    Gov't, certificate authorities conspire to spy on SSL users?.

    -- Tom
     
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From The Internet's Secret Back Door:
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ MrBrian

    Good searching - March 31st ;)

    Trust nobody :D

    Funnily enough PSOL comes pre loaded with these auto allows :p

    ps.gif
     
  4. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    The SSL system is broken. This has been covered here many times. A couple of good links for further reading:

    http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl

    http://www.crypto.com/blog/spycerts/

    http://www.wired.com/threatlevel/2010/03/packet-forensics/

    From the last article, a GoDaddy rep gives an interview and I found her words very interesting, if not confusing:

    So, she admits they get requests from LEA's "every day" yet have never been asked to do anything inappropriate. My question is, if the LEA's aren't after their certs, then what the heck are they requesting? o_O
     
  5. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ chronomatic

    You're right to remind/enlighten us :thumb:

    inappropriate She/they could mean Anything ! Inappropriate to who, us or them ? You can bet it won't be them :p

    Exactly, the plot thickens, and we need answers.
     
  6. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    The sub-sub contracting of certificates is nuts. I've seen web hosts now giving away certificates that are self-signed. It needs a complete overhaul and fast.
     
Loading...
Thread Status:
Not open for further replies.