[Cryptography] Opening Discussion: Speculation on "BULLRUN"
rsalz at akamai.com
Mon Sep 9 12:04:17 EDT 2013
➢ then maybe it's not such a "silly accusation" to think that root CAs are routinely distributed to multinational secret
➢ services to perform MITM session decryption on any form of communication that derives its security from the CA PKI.
How would this work, in practice? How would knowing a CA's private key give them knowledge of my key? Or if they issued a fake certificate and keypair, how does that help? They'd also have to suborn DNS and IP traffic such that it would, perhaps eventually or perhaps quickly, become obvious.
What am I missing?
Principal Security Engineer
More information about the cryptography