The latest from Snowden
-
So can we get SSL enabled here yet?
-
@Nic Why is this a suprise? It's obvious he still has dirt to spill. Just look at how Putin laughed about the puny sanctions 11 people got slapped with. Putin has the upper hand. In that hand he has Snowden and he's calling our bluff.
-
@JaredBusch SSL isn't going to help.
-
@RoguePacket what? you mean I cannot trust that little padlock on my browser?
-
@jaredbusch Against the little crooks, sure. NSA & gov't level entities? Not so much.
Many have gone to SSH instead (key distribution for it has its own issues). Try "ssl circle of trust is broken"—
-
@RoguePacket i think you missed the sarcasm level of my posts. sorry about that.
-
@jaredbusch ....yeah, wasn't sure. <sad>
-
The web of trust being broken doesn't by itself mean the security of SSL is useless, just a bit less trustworthy. Self signed SSL certs are every bit as strong as a certified one at the same level of course just not verified who the end point is.
-
@Dashrender Spot on. If you manually uninstall the trusted certs (considering most browsers have half a dozen under the control of national security agencies, and national telecoms around the world this doesn't surprise me) in theory certificates will work fine. Remember its not about being unbreakable (XKCD points out that a $20 wrench will force most people to hand over their passwords) but about making it so that people can't DVR 5 years of your activities and go look back at them after the fact.
-
@lost_signal773 the problem with that is (at least) Windows will automatically connect to MS servers to download and install new Certs that 'they' consider OK - Honk Kong Post Office anyone?
I haven't dug into it much myself but I do have a passing interest to learn how to disable this 'feature'.