The argument is made that a rogue cert from CNNIC would be solid proof. But if CNNIC is wanting to use this to catch specific dissidents, rather than intercept traffic in large amounts, the attack could be done with low probability of discovery. Essentially, determine the IP of the user you are trying to trap, and the service you want to snoop, and send a rogue cert to only that IP for that hostname. If used very sparingly, they could probably nab a few key people without getting caught.
Copyright © 2018, Eklektix, Inc.