nanog mailing list archives
Re: Carnivore Update - Washington Post 11/21/00
From: Vadim Antonov <avg () kotovnik com>
Date: Thu, 23 Nov 2000 19:16:49 -0800 (PST)
>> of course carnivore has no problem decrypting SSL.
> Source, please.
I do not think that carnivore is doing that, but SSL is not resistant to the man-in-the-middle attack. The problem here is in the lack of any useful certificate validation support. How many users actually check that the site certificate indeed belongs to whoever is identified as the site owner on the Web pages?

(Plus, it depends on the security of the certification authority's private keys, their public parts being non-revocable, because they are bundled with browser software. I have a little doubt that it is all too easy for law enforcement to obtain these keys if they need to. Interests of my privacy definitely do not match interests of RSA Cert. Auth., Inc, a commercial entity. Of course, I have no proof that this happened, but I have no reason to trust that it didn't happen, either.)

--vadim