Law Enforcement Appliance Subverts SSL
Rui Paulo
rpaulo at gmail.com
Wed Mar 24 15:14:55 EDT 2010
http://www.wired.com/threatlevel/2010/03/packet-forensics/
"At a recent wiretapping convention however, security researcher Chris Soghoian discovered that a small company was marketing internet spying boxes to the feds designed to intercept those communications, without breaking the encryption, by using forged security certificates, instead of the real ones that websites use to verify secure connections. To use the appliance, the government would need to acquire a forged certificate from any one of more than 100 trusted Certificate Authorities."
--
Rui Paulo
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list