On 29/05/14 07:01, Mike Hoye wrote: > It's become clear in the last few months that the overwhelmingly most > frequent users of MITM attacks are state actors with privileged network > positions either obtaining or coercing keys from CAs,
I don't think that's clear at all. Citation needed. I think it's more likely that they are intercepting SSL using crypto or implementation vulnerabilities without explicit CA cooperation. > using attacks that > the CA model effectively endorses, using tech you can buy off the shelf. > In that light, it's not super-obvious what SSL certs protect you from > apart from some jackass sniffing the coffeeshop wifi. Even if you are right, the answer is still "everyone apart from the US government". Gerv _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform