PRISM && Excited Guardianista

James Firth james2 at
Wed Jun 12 11:17:47 BST 2013

Bending the discussion a bit to crypto, I've seen questions on my Twitter
stream about Kasper's talk at OrgCon this weekend. Slides:

Specifically on slide 16, NSA capability to collect all cross-border

And slide 17 "(FISA §1881a) reaches inside the SSL!" 

I suspect Kasper may have been referring to PRISM collection *bypassing*
SSL, however does anyone have a feeling on whether FISA could be used to
compel a CSP to hand-over private SSL keys to be able to decrypt this
cross-border traffic?

Also I remember late in 2011 Google started using forward secrecy:

FS would, in theory at least, make knowledge of the private key somewhat

Or would it?  

Knowledge of the system architecture, being able to watch the secondary key
exchange, and the possibility - likelihood - of the NSA having custom kit
(D-wave quantum computer, anyone?) opens the possibility that sessions can
be decoded with workable overhead.  

James Firth

More information about the ukcrypto mailing list