The best part of the “going dark” debate is that we have to pretend sophisticated attacks by nation-states and criminals are some kind of Gibsonian sci-fi fantasy. It’s 2019. There’s a multi-billion dollar industry around attacking phone security systems. https://www.fastcompany.com/90307864/u-s-fund-sells-israeli-hacking-firm-nso-group-amid-spy-mystery …
-
Also the type of authentication that is done by a CA is far easier to implement (prove you control the thing you want access to) vs prove you are a representative of an organization that is part of a government that is authorized to get unfettered access to someone else’s info
-
Despite this, a large majority of the misissuance by CAs is a result of human error; it’s a significant percentage of issuance too. Importantly, far less is at risk in that system also.
-
You put too much faith in “the way HSM access works today”; especially for a system that must be accessed as frequently as a system like this would need to be: https://www.researchgate.net/publication/269333601_Black_Tulip_Report_of_the_investigation_into_the_DigiNotar_Certificate_Authority_breach …
-
I have zero faith in it, but that's how the system works today. With access to the HSM used to store the package signing keys, the FBI could just make the signed firmware blob they wanted for San Bernardino, right?
-
Lol. National Security Letters. FISA court. USA has plenty of unaccountable processes with no effective oversight or any meaningful way to contest.