Personal Cloud (was: Did Ed Snowden do the right thing?)
lists at kittypee.com
Tue Jun 11 12:31:42 MDT 2013
On Tue, Jun 11, 2013 at 12:27 PM, John Shaver <bobjohnbob at gmail.com> wrote:
> Sorry, you misunderstood me. If I have a cert with them as the CA, they do
> not have my private key to hand over to the government. They certainly
> have their own private key...
Oh, totally right. The government couldn't decrypt your SSL session
directly. But they could masquerade as you to another user using
their own certificate and a main-in-the-middle attack, get the user to
reveal their password, and any other data.
More information about the PLUG