[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How evil is TLS cert collection?

On 03/20/2011 08:05 PM, Mike Perry wrote:

>> if EFF was presented with a national security letter or other legal
>> demand under seal demanding the existence of a given certificate not
>> be exposed, would they be bound to not present a MITM alert for that
>> cert?
> Leaving this for pde and/or Seth.

It's a question for our legal team. I'll ask them.

The main thing is that this feature is not intended for true real-time
MITM alerts. It's for research and study, and I hesitate to overload it
for MITM detection for all sorts of technical reasons, including those
Mike has raised.

Chris Palmer
Technology Director, Electronic Frontier Foundation
tor-talk mailing list