Anonymous Source Claims Feds Demand Private SSL Keys From Web Services 276
Lauren Weinstein writes "With further confirmation of the longstanding rumor that the U.S. government (and, we can safely assume, other governments around the world) have been pressuring major Internet firms to provide their 'master' SSL keys for government surveillance purposes, we are rapidly approaching a critical technological crossroad. It is now abundantly clear — as many of us have suspected all along — that governments and surveillance agencies of all stripes — Western, Eastern, democratic, and authoritarian, will pour essentially unlimited funds into efforts to monitor Internet communications."
If this is true it means that SSL/TLS to any Internet service could be useless — the authorities could simply man-in-the-middle anyone. Without knowing who has given keys over, or if anyone has given keys over... The NSA does claim encryption poses a problem for them, but honesty isn't their best attribute. The source claims that major providers at least have resisted (assuming it is happening), but that smaller companies may have folded to the pressure.
"Main-in-the-middle"? (Score:5, Funny)
Well, at least it's not "man-in-the-middle" because that would be bad.
Time To Learn Klingon (Score:2, Funny)
Time to learn Klingon, or invest in carrier pigeons and a Little Orphan Annie decoder pin.
I wonder if our government will be responsible for single handedly killing our consumer tech industry.
Re:Time To Learn Klingon (Score:5, Funny)
We're talking about the NSA. Half of the probably play Klingon Boggle at lunch.
Re:"Main-in-the-middle"? (Score:3, Funny)
Re:"Main-in-the-middle"? (Score:5, Funny)
It's the "government on top" attack.
Don't you mean "government from behind"?