
No they can't, because the public keys for properties like Google are increasingly "pinned" in the browser binary itself.




That response doesn't address his point at all.

Nobody is accusing the NSA of MITM-attacking Google, Microsoft, etc., so I don't know why people keep bringing up certificate pinning.

His point was that if the NSA got to Google's certificate authority then they could use information within that private key to help decrypt Google's traffic.

I don't know how much water that theory/speculation holds, but I do know certificate pinning has nothing at all to do with this.


It does address the point.

You can't get Google's private key from any cert authority. That's the point. If you compromise a cert authority, you can create fake certs to execute a man-in-the-middle attack, but you can't passively decode encrypted traffic.


CA keys cannot be used to decrypt traffic encrypted with keys that were signed with those CA keys.
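The three claims made in this thread (a compromised CA can issue certificates but cannot passively decrypt; a CA key cannot decrypt traffic protected by a key it signed; a pinned public key catches a certificate for the same name from a different issuer) can be checked directly. The following is an added example written for this page, not code from any commenter, using only Go's standard library. The CA names, the hostname www.example.com and the encrypted secret are made-up sample values.

```go
// Added example, not code from this thread. Names (Example Root CA, Other Root CA,
// www.example.com) and the "premaster-secret" payload are constructed for the demo.
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

func genKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	must(err)
	return k
}

// issue signs pub into a certificate for cn with signerKey. parent == nil
// produces a self-signed root. Note that the signer only ever receives the
// subject's public key; the subject's private key never reaches the CA.
func issue(serial int64, cn string, parent *x509.Certificate, pub *rsa.PublicKey, signerKey *rsa.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if parent == nil { // self-signed root, key usable for certificate signing only
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent = t
	} else { // server leaf for host cn
		t.DNSNames = []string{cn}
		t.KeyUsage = x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signerKey)
	must(err)
	c, err := x509.ParseCertificate(der)
	must(err)
	return c
}

// chainOK is ordinary path validation: does leaf chain to the trusted root for host?
func chainOK(leaf, root *x509.Certificate, host string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

// canDecrypt: encrypt a secret to the certificate's public key (as RSA key
// exchange did) and ask whether this particular private key can recover it.
func canDecrypt(leaf *x509.Certificate, priv *rsa.PrivateKey, secret []byte) bool {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, leaf.PublicKey.(*rsa.PublicKey), secret, nil)
	must(err)
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	return err == nil && string(pt) == string(secret)
}

// spkiPin is what a browser pins for a site: SHA-256 of the SubjectPublicKeyInfo.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// Outcome records every check so a caller or test can inspect the results.
type Outcome struct {
	ChainValid, ServerKeyDecrypts, CAKeyDecrypts, SecondChainValid, SecondPinMatches bool
}

func run() Outcome {
	const host = "www.example.com"
	rootKey, serverKey := genKey(), genKey()
	root := issue(1, "Example Root CA", nil, &rootKey.PublicKey, rootKey)
	leaf := issue(2, host, root, &serverKey.PublicKey, rootKey)
	secret := []byte("premaster-secret") // constructed sample input
	// A second trusted issuer with a fresh key for the same host: chain-valid under
	// its own root, but the SPKI pin differs, which is what a pinning client checks.
	rootKey2, key2 := genKey(), genKey()
	root2 := issue(1, "Other Root CA", nil, &rootKey2.PublicKey, rootKey2)
	leaf2 := issue(2, host, root2, &key2.PublicKey, rootKey2)
	return Outcome{
		ChainValid:        chainOK(leaf, root, host),
		ServerKeyDecrypts: canDecrypt(leaf, serverKey, secret),
		CAKeyDecrypts:     canDecrypt(leaf, rootKey, secret),
		SecondChainValid:  chainOK(leaf2, root2, host),
		SecondPinMatches:  spkiPin(leaf2) == spkiPin(leaf),
	}
}

func main() { fmt.Printf("%+v\n", run()) }
```

Run it with `go run`: `ChainValid` and `ServerKeyDecrypts` come back true, `CAKeyDecrypts` false (the root key produces an OAEP decryption error), and the second certificate passes chain validation under its own root while `SecondPinMatches` is false. The signing key and the encryption key are unrelated key pairs, so possession of the CA's key buys the ability to issue, not the ability to read. One caveat for current deployments: with ephemeral Diffie-Hellman key exchange (mandatory in TLS 1.3), not even the server's own private key can decrypt a recorded session afterwards, which makes the passive-decryption scenario weaker still.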


NSA did not take Google's private keys.



