[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How much of SSL CA protected traffic is read by NSA etc. according to...?

To: "tor-talk@xxxxxxxxxxxxxxxxxxxx" <tor-talk@xxxxxxxxxxxxxxxxxxxx>, "Jacob Appelbaum" <jacob@xxxxxxxxxxxxx>
Subject: Re: [tor-talk] How much of SSL CA protected traffic is read by NSA etc. according to...?
From: Michael O Holstein <michael.holstein@xxxxxxxxxxx>
Date: Mon, 5 Jan 2015 17:44:32 +0000
Accept-language: en-US
Authentication-results: spf=none (sender IP is ) smtp.mailfrom=michael.holstein@xxxxxxxxxxx;
Cc: Whonix-devel <whonix-devel@xxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 05 Jan 2015 13:18:12 -0500
In-reply-to: <54AAA6E4.2010003@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <54AAA6E4.2010003@xxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
Thread-index: AQHQKPhUF6XPynIzGU+BJS3ZSk3JdpyxxXW0
Thread-topic: [tor-talk] How much of SSL CA protected traffic is read by NSA etc. according to...?

>Could you please explain how to interpret Jacob Appelbaum's talk at 31c3? [1]

From all the various documents they have collected it's fair to say that at the present time, barring non-technical methods (http://xkcd.com/538/) .. the only applications they have seen reported as "no intercept available" are OTR(*) and PGP.

>Is (almost) all traffic that is protected by the usual SSL CA's browser
>encryption being monitored by NSA and friends?

Although he doesn't say it directly (this time) I think it's safe to assume the answer is "yes" .. there have been notable thefts of keysigning material from commercial CA's by non-government criminal groups. To assume the three-letter folks don't also engage in such endeavors is foolish at best.

Note that they'd really only need command of *one* CA that is trusted to pull it off (see also the trick that corporate web appliances use to transparently intercept SSL) .. although that would make them likely to get caught at it. 

(*) : OTR uses DH with PFS and a short temporal keylife, so not all that different that some of the non-default (ha ha NSA) IKE proposals. Granted, due to laziness most businesses don't apply ultra-paranoid configurations to their VPN tunnels because it affects performance and confuses the other guy .. but I'm curious if *properly configured* IPSEC similarly suffers.


Cheers,

Michael Holstein
Cleveland State University

PS: Jacob, thank-you as always for everything you do.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] How much of SSL CA protected traffic is read by NSA etc. according to...?
  - From: h0ost
- Re: [tor-talk] How much of SSL CA protected traffic is read by NSA etc. according to...?
  - From: Patrick Schleizer

References:
- [tor-talk] How much of SSL CA protected traffic is read by NSA etc. according to...?
  - From: Patrick Schleizer

Prev by Author: Re: [tor-talk] [rt.torproject.org #38223] Firefox Web Shortcuts
Next by Author: Re: [tor-talk] How much of SSL CA protected traffic is read by NSA etc. according to...?
Previous by thread: [tor-talk] How much of SSL CA protected traffic is read by NSA etc. according to...?
Next by thread: Re: [tor-talk] How much of SSL CA protected traffic is read by NSA etc. according to...?
Index(es):
- Author
- Thread