Personal Cloud (was: Did Ed Snowden do the right thing?)

Lonnie Olson lists at kittypee.com
Tue Jun 11 12:31:42 MDT 2013


On Tue, Jun 11, 2013 at 12:27 PM, John Shaver <bobjohnbob at gmail.com> wrote:
> Sorry, you misunderstood me.  If I have a cert with them as the CA, they do
> not have my private key to hand over to the government.  They certainly
> have their own private key...

Oh, totally right.  The government couldn't decrypt your SSL session
directly.  But they could masquerade as you to another user using
their own certificate and a main-in-the-middle attack, get the user to
reveal their password, and any other data.


More information about the PLUG mailing list