
"This won't be the last CA compromise we see."

Indeed. I strongly suspect too that it's only "the first one we've seen", and not "the first one".

I have very little doubt that most nation-state sized adversaries have the ability to forge whatever certs they want. It's only careful use of those forged certs (or dumb luck) by the agencies using them that has kept them out of the blogosphere...




Yeah, if NSA doesn't have at least one root CA key they're not doing their jobs. What we need is an alternative to the centralized CA system, like TOFU POP MONK.


They do, and it isn't even hiding. Take a look in your cert store and you will see multiple DoD root CAs.


I just checked, and at least with Firefox, I didn't see any. What are you referring to exactly?


Odd, my OS X machine has 2 of them listed. I don't see it in Firefox though.



