[146959] in cryptography@c2.net mail archive
[Cryptography] Reports: NSA,
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Sep 10 11:31:55 2013
X-Original-To: cryptography@metzdowd.com
Date: Tue, 10 Sep 2013 11:31:48 -0400
From: "Perry E. Metzger" <perry@piermont.com>
To: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
The story has been floating around for some days now. Apparently, Man
in the Middle attacks have been used quite extensively, including
against the Brazilian state oil company, and a major international
wire transfer network.
http://www.slate.com/blogs/future_tense/2013/09/09/shifting_shadow_stormbrew_flying_pig_new_snowden_documents_show_nsa_deemed.html
I think this indicates that Certificate Transparency and similar
techniques need to be deployed quickly. CAs have been dead as a
form of real assurance for some time now, but at this point the dance
party on the grave has gone on a bit too long.
Perry
--
Perry E. Metzger perry@piermont.com
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
