Posted Mar 25, 2010 3:09 UTC (Thu) by martinfick
In reply to: DNSSEC
Parent article: Blaze: The Spy in the Middle
Why would the US govt having control over the signing key for .us make
interception easier than them having control of N of the M signing keys
browsers trust for SSL?
Since in one case interception is easy for 100% of the cases that I
specified (US domain traffic), and in the other case, interception is only
easy for a fraction of the US domain, i.e that fraction of the US sites
which are signed by the N US gov. controlled keys.
(I hope you don't think the US Govt somehow lacks the ability to sign
arbitrary SSL certificates...)
Why wouldn't they? Even I can sign any arbitrary key, as long as I can see
it. But what good does it do for them or me for intercepting traffic? It
is only valuable if they/I can sign it with the key of a CA that others
to post comments)