
“all a government has to do is embed within the endpoint”

That’s a pretty high bar to clear though.




Not really. NSA requests are backed by LE either directly or... extortion style. https://www.wired.com/2007/10/nsa-asked-for-p/


All right. But they didn’t do it for all ~300M citizens though, did they?


https://en.m.wikipedia.org/wiki/Room_641A

They did it to everyone whose traffic transited ATT's backbone


I haven’t immersed myself in the details of the Room 641A scandal, but it does indeed sound awful. I do not approve of the operations of NSA/Five Eyes.

But let me rephrase my question like this: Do we have any evidence that NSA can perform MITM on TLS 1.3? Using a federal US CA would be one way, tricking a CA into issuing fraudulent leaf certificates would be another, but as established elsewhere in this thread, both those ways are quite noisy. Attacking the endpoint is another way, but once Mallory does that, all bets are off.


Given it's already happened in the US, I don't think it's high enough.



