BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] email privacy/security

Subject: [Discuss] email privacy/security
From: richard.pieri at gmail.com (Richard Pieri)
Date: Tue, 06 Aug 2013 10:30:00 -0400
In-reply-to: <5200EC0B.3050905@borg.org>
References: <51FED10B.7040208@gmail.com> <51FED700.6030207@gmail.com> <51FF0E3E.9010903@gmail.com> <51FFC527.30300@gmail.com> <51FFD524.40405@borg.org> <51FFE9DC.8050608@gmail.com> <51FFF077.2090308@borg.org> <51FFF3BC.4030907@gmail.com> <51FFFF0F.1000301@borg.org> <ae02c3696ece410abdad590af9e2bfb3@BLUPR04MB040.namprd04.prod.outlook.com> <52000F03.9070400@gmail.com> <5200EC0B.3050905@borg.org>

Kent Borg wrote:
> That doesn't give them session keys for communications.

If the NSA can get copies of the public root certificates then they can 
either get the site/server certs from the CAs or forge their own. Either 
way, a compromised root certificate is the key to the entire chain of trust.

Self-signed certificates can't be compromised this way because there is 
no root CA involved. On the other hand, the quantity of traffic 
encrypted with self-signed certificates is quite small compared to the 
traffic encrypted with public CA certificates. Most of these use AES as 
one of the preferred ciphers. AES, a cipher approved by the NSA for 
commercial use. There is no doubt in my mind that the NSA can break AES 
in substantially less than polynomial time.

-- 
Rich P.

References:
- [Discuss] small business and "prosumer" email options: Yahoo Business Email, FastMail
  - From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] small business and "prosumer" email options: Yahoo Business Email, FastMail
  - From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] email privacy/security
  - From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] email privacy/security
  - From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] email privacy/security
  - From: kentborg at borg.org (Kent Borg)
- [Discuss] email privacy/security
  - From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] email privacy/security
  - From: kentborg at borg.org (Kent Borg)
- [Discuss] email privacy/security
  - From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] email privacy/security
  - From: kentborg at borg.org (Kent Borg)
- [Discuss] email privacy/security
  - From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] email privacy/security
  - From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] email privacy/security
  - From: kentborg at borg.org (Kent Borg)

Prev by Date: [Discuss] email privacy/security
Next by Date: [Discuss] email privacy/security
Previous by thread: [Discuss] email privacy/security
Next by thread: [Discuss] email privacy/security
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org