

What do I tell the average Internet user about this? - Diogenes

Here: http://techdirt.com/articles/20100325/0403568713.shtml

And the offending appliance: http://www.wired.com/threatlevel/2010/03/packet-forensics/

I've got hundreds of clients who use the Internet, but are not - as we would say - Internet savvy.  What do you think I should tell them (and what will you tell YOUR customers) when the idea that ANY government agency can spy on supposedly "secure" connections hits the mainstream?  I have some ideas, but you, my colleagues and superiors frequenting HN, must have some more insight...
======
apowell
If I'm missing something, please tell me -- but the whole scheme relies on
obtaining a fake SSL certificate. This type of attack has always been possible
with a fake SSL cert. I don't see how this little blue box changes anything.

~~~
Diogenes
It seems to me that one of the primary problems is that law enforcement
agencies don't need a warrant or subpoena for the SSL certificate. Where's the
accountability?

~~~
apowell
Agreed, but again, what's changed? This problem has always existed, and it's
getting some airtime now because someone made a little blue box that makes
it a bit easier to configure.

