Boston Linux & Unix (BLU)

BLU Discuss list archive

[Discuss] email privacy/security

Kent Borg wrote:
> That doesn't give them session keys for communications.

If the NSA can get copies of the public root certificates then they can 
either get the site/server certs from the CAs or forge their own. Either 
way, a compromised root certificate is the key to the entire chain of trust.

Self-signed certificates can't be compromised this way because there is 
no root CA involved. On the other hand, the quantity of traffic 
encrypted with self-signed certificates is quite small compared to the 
traffic encrypted with public CA certificates. Most of these use AES as 
one of the preferred ciphers. AES, a cipher approved by the NSA for 
commercial use. There is no doubt in my mind that the NSA can break AES 
in substantially less than polynomial time.

Rich P.

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
