10 Sep
2013
10 Sep
'13
6:40 p.m.
Quoting Trent W. Buck (trentbuck@gmail.com):
Turkish intelligence don't need to "crack" TLS; they just get Firefox to trust them by default, then do the normal MITM dance. I don't see why the NSA can't do that, too.
As Schneier often points out, NSA (like GCHQ, DSD, and others) don't attack strong crypto directly any time they have an option to cheat. ;-> (My own preference is to move away from relying on CA attestations as much as possible.)