PRISM && Excited Guardianista
james2 at jfirth.net
Wed Jun 12 11:17:47 BST 2013
Bending the discussion a bit to crypto, I've seen questions on my Twitter
stream about Kasper's talk at OrgCon this weekend. Slides:
Specifically on slide 16, NSA capability to collect all cross-border
And slide 17 "(FISA §1881a) reaches inside the SSL!"
I suspect Kasper may have been referring to PRISM collection *bypassing*
SSL, however does anyone have a feeling on whether FISA could be used to
compel a CSP to hand-over private SSL keys to be able to decrypt this
Also I remember late in 2011 Google started using forward secrecy:
FS would, in theory at least, make knowledge of the private key somewhat
Or would it?
Knowledge of the system architecture, being able to watch the secondary key
exchange, and the possibility - likelihood - of the NSA having custom kit
(D-wave quantum computer, anyone?) opens the possibility that sessions can
be decoded with workable overhead.
More information about the ukcrypto