hisao@ani.social 2 weeks ago
How do we know intelligence agencies are not in collusion with certificate authorities though? What if they actually have access to ROOT CA private keys and can just automatically strip https from most of the traffic in their mass surveillance software? This is something I found with a very quick search: en.wikipedia.org/wiki/DigiNotar
PlexSheep@infosec.pub 2 weeks ago
Yeah sure, but defending against nation state intelligence agencies is a threat model few people have. It’s also not really realistic unless you go to paranoia-level mitigations.