Reply to post:

Fuming Google tears Symantec a new one over rogue SSL certs

DaLo

"...by web nanny type software and the NSA to do man-in-the-middle attacks"

The web nanny software would have to install itself as a trusted certificate authority on your browser first, in which case it doesn't really need to create fake certs. Otherwise every site you visit will show a discrepancy/self-signed type warning. A corporate network can do it as every PC on the network can be given a trusted certificate authority which is usually the domain certificate management server, to allow trust of local servers and sign various items.

The NSA can only do it by installing themselves as a trusted certificate authority, or by compromising or coercing a trusted authority.

The real power is with the OS/Browser as they ultimately decide which authorities they are going to trust or not.


Biting the hand that feeds IT © 1998–2019