Hacker News

I'd be very surprised if Symantec doesn't have some backroom deal with intelligence agencies, and not just in the U.S. either, especially since they've acquired BlueCoat - a "security company" known for selling surveillance tools to authoritarian regimes - and after they made the BlueCoat CEO the CEO of Symantec.



Prior to the Symantec acquisition, VeriSign used to pitch just this thing as a product. AFAIK the usage was limited to DoD and a few mundane things.

The IC wasn't interested because it was easier for them to just steal certificates or work around TLS completely.


Interesting that it would be "so much easier" for the U.S. intelligence community to steal most certificates or work around TLS, when countries like Thailand, which have much fewer resources, prefer to get Microsoft to install their own root certificate for them in Windows. Perhaps this is what the IC meant as well, when it said there are other easier ways? Why bother with Verisign's solution, when they could have their own root certs in Windows?

The CA system is such an untrustworthy mess.

http://www.theverge.com/2017/1/25/14381174/microsoft-thailan...


Because using your own CA is not deniable. You aren't allowed to move forward with any solution that may lead to attribution.



