[cap-talk] Questions about Zooko's triangle
David Barbour
dmbarbour at gmail.com
Fri Feb 11 16:10:20 PST 2011
On Fri, Feb 11, 2011 at 4:00 PM, Ben Laurie <benl at google.com> wrote:
>> Yes. If the CA is within that intelligence agency's jurisdiction, they
>> can decrypt traffic to any sites using that CA, even if they are hosted
>> in other countries, with no one the wiser. Subverting the endpoint
>> involves operating outside national borders in such a case.
>
> This is not true. Some ciphersuites require an active attack.
Tapping a CA in the agency's jurisdiction doesn't require a
cryptographic attack. It might take a warrant.
More information about the cap-talk
mailing list