PRISM && Excited Guardianista
James Firth
james2 at jfirth.net
Wed Jun 12 11:17:47 BST 2013
Bending the discussion a bit to crypto, I've seen questions on my Twitter
stream about Kasper's talk at OrgCon this weekend. Slides:
http://www.openrightsgroup.org/assets/files/pdfs/presentations/How_to_wiretap_the_Cloud_without_anybody_noticing_ORGcon_8.6.2013.pdf
Specifically on slide 16, NSA capability to collect all cross-border
traffic.
And slide 17 "(FISA §1881a) reaches inside the SSL!"
I suspect Kasper may have been referring to PRISM collection *bypassing*
SSL; however, does anyone have a feeling on whether FISA could be used to
compel a CSP to hand over private SSL keys to be able to decrypt this
cross-border traffic?
Also I remember late in 2011 Google started using forward secrecy:
http://googleonlinesecurity.blogspot.co.uk/2011/11/protecting-data-for-long-term-with.html
FS would, in theory at least, make knowledge of the private key somewhat
moot.
Or would it?
Knowledge of the system architecture, being able to watch the secondary key
exchange, and the possibility - likelihood - of the NSA having custom kit
(D-wave quantum computer, anyone?) opens the possibility that sessions can
be decoded with workable overhead.
James Firth