[Cryptography] Reports: NSA, GCHQ used forged certs to impersonate Google
Perry E. Metzger
perry at piermont.com
Tue Sep 10 11:31:48 EDT 2013
The story has been floating around for some days now. Apparently, Man
in the Middle attacks have been used quite extensively, including
against the Brazilian state oil company, and a major international
wire transfer network.
I think this indicates that Certificate Transparency and similar
techniques need to be deployed quickly. CAs have been dead as a
form of real assurance for some time now, but at this point the dance
party on the grave has gone on a bit too long.
Perry E. Metzger perry at piermont.com
More information about the cryptography