LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Trust the root -- trusssst it

Trust the root -- trusssst it

Posted Sep 1, 2011 20:41 UTC (Thu) by robbe (guest, #16131)
In reply to: Fraudulent *.google.com certificate issued by dlang
Parent article: Fraudulent *.google.com certificate issued

How would the Iranian government (which seems to have replaced the Chinese as the traditional bad guy in these kind of plots) impersonate the root?

The only credible opponent in this game is the US government, which through coercion, legal or otherwise, openly or not (National Security letters, anyone?), could influence any of its subjects. But as I understand it the KSK can only be got at by corrupting three individuals, with most of them living outside the US of A -- see http://www.root-dnssec.org/tcr/selection-2010/ for your list of targets.

If the NSA wants to spy on your google.com traffic it is altogether more likely that they would attack com's key via rubber hose techniques, which is probably not as well-protected.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds