Michael O Holstein:
> Although he doesn't say it directly (this time)
Did he say so directly some other time?
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>Web certificates is broke, certification itself might not be fundamentally
>flawed.
Check out Moxie Marlinspike's "Convergence.IO" project :
http://www.thoughtcrime.org/blog/ssl-and-the-future-of-authenticity/
Cheers,
Michael Holstein
Cleveland State University
--
tor-talk mailing list - tor
> Note that they'd really only need command of *one* CA that is trusted to pull
> it off (see also the trick that corporate web appliances use to transparently
> intercept SSL) .. although that would make them likely to get caught at it.
Google at least check the root certificate that Google pr
On 01/05/2015 12:44 PM, Michael O Holstein wrote:
> (http://xkcd.com/538/) .. the only applications they have seen
> reported as "no intercept available" are OTR(*) and PGP.
>
What about OpenVPN? I've seen references to IPSEC and PPTP being
compromised, but does this also apply to OpenVPN ( bas
>Could you please explain how to interpret Jacob Appelbaum's talk at 31c3? [1]
>From all the various documents they have collected it's fair to say that at
>the present time, barring non-technical methods (http://xkcd.com/538/) .. the
>only applications they have seen reported as "no intercept a
Hi!
Could you please explain how to interpret Jacob Appelbaum's talk at
31c3? [1]
See also. [2] [3]
Is (almost) all traffic that is protected by the usual SSL CA's browser
encryption being monitored by NSA and friends?
Cheers,
Patrick
[1]
http://media.ccc.de/browse/congress/2014/31c3_-_6258_-_