[Cryptography] Reports: NSA, GCHQ used forged certs to impersonate Google

Perry E. Metzger perry at piermont.com
Tue Sep 10 11:31:48 EDT 2013


The story has been floating around for some days now. Apparently, Man
in the Middle attacks have been used quite extensively, including
against the Brazilian state oil company, and a major international
wire transfer network.

http://www.slate.com/blogs/future_tense/2013/09/09/shifting_shadow_stormbrew_flying_pig_new_snowden_documents_show_nsa_deemed.html

I think this indicates that Certificate Transparency and similar
techniques need to be deployed quickly. CAs have been dead as a
form of real assurance for some time now, but at this point the dance
party on the grave has gone on a bit too long.

Perry
-- 
Perry E. Metzger		perry at piermont.com


More information about the cryptography mailing list