NSA and FBI demands SSL (HTTPS) encryption master keys
119 replies, posted
The whole point of encryption is so that shit stays private. NSA is defeating the purpose of this.
[QUOTE=cqbcat;41587426]The whole point of encryption is so that shit stays private. NSA is defeating the purpose of this.[/QUOTE]
Yes, because unbreakable encryption is counter-productive to their own point.
[QUOTE=Killer900;41580563]Because a wannabe gangster getting killed by a "i dont play by the rules" cop is far more important than your privacy from the government.[/QUOTE]
And in the case of us eurofags, a foreign government.
[QUOTE=hexpunK;41580906]Pretty sure they can't just say "yup, that's illegal. cart him away!". But yes, we don't quite have the same freedom of speech you do. Doesn't stop people here from protesting things that matter to them. Admittedly it was mostly student age citizens in the last big one, and nothing came of it because the Tories are terribad leaders.
[/QUOTE]
Err - If it's injunctions we're talking about, then yeah, it is almost like that. If an injunction is signed and approved by a civil court it pretty much gives you anything from a £10,000 to £1,000,000 leverage on the person it's signed against. It's a civil law AFAIK, so it's not punishable by prison etc. But it gives you a skullfuckingly massive court fine
[QUOTE=IrishGamer;41581081]gibe master keys plz
Seriously, though. This is getting fucking ridiculous.[/QUOTE]
If I had a dime for every time I saw a post in SH that goes like:
[quote]*insert joke here*
Seriously though, *stuff*[/quote]
It's actually cringeworthy to look at.
[QUOTE=elevate;41587790]If I had a dime for every time I saw a post in SH that goes like:
It's actually cringeworthy to look at.[/QUOTE]
It's because they try to add content to their shitty meme to try to avoid being banned, even though the 'stuff' is nothing.
They have access to your informations on Google, Facebook, Apple-stuff, reading your emails/data from your ISP, precise location for any IP, spying you on skype or using your xbox one-camera. And now they want the ssl-keys?
Not surprised if we'll see this in a few years
[t]http://images4.wikia.nocookie.net/__cb20090527041738/half-life/en/images/c/c3/City_Scanner_model.jpg[/t]
[QUOTE=scout1;41585297]I don't understand how you can freak out so badly about abusive potential when literally every part of government can be abused to fuck you over[/QUOTE]
I don't understand how you think the fact that they already have tons of shit that's easily abused justifies them having even more.
[QUOTE=elowin;41588169]I don't understand how you think the fact that they already have tons of shit that's easily abused justifies them having even more.[/QUOTE]
It's not a valid reason to oppose it unless you oppose all forms of government in which case you have larger problems than the NSA.
[QUOTE=Cabbage;41587724]Err - If it's injunctions we're talking about, then yeah, it is almost like that. If an injunction is signed and approved by a civil court it pretty much gives you anything from a £10,000 to £1,000,000 leverage on the person it's signed against. It's a civil law AFAIK, so it's not punishable by prison etc. But it gives you a skullfuckingly massive court fine[/QUOTE]Would a prison sentence arise from failure to pay the fine?
[QUOTE=glitchvid;41586851]How about no.
And if they do, self signed keys here we come![/QUOTE]
This, a million times this. Self-signed certificates are completely vaid and browsers whining about them is bad for the web. It's like clinging to frames.
Okay, US government, let's put it this way: the whole world uses SSL. We are not going to give you the encryption keys to conversations in [b]every single country[/b] because it is [i]outside of your @#$!ing jurisdiction.[/i]
[QUOTE=VinLAURiA;41589169]Okay, US government, let's put it this way: the whole world uses SSL. We are not going to give you the encryption keys to conversations in [b]every single country[/b] because it is [i]outside of your @#$!ing jurisdiction.[/i][/QUOTE]
whoa watch your language
[QUOTE=Eudoxia;41588924]This, a million times this. Self-signed certificates are completely vaid and browsers whining about them is bad for the web. It's like clinging to frames.[/QUOTE]
Browsers whine about them, because they can't currently tell if they're valid (That is, can you actually trust that this SSL certificate came from the site, or somebody intercepting your traffic) For encryption to work you need to be able to trust the other party, that can be done with normal certificates (and even more so with EV certificates), but not with self signed ones.
But, things are changing, stuff like Convergence (Cool design, but kinda broken currently) and DANE (Sticks the public key of the certificate into DNSSEC records) allows browsers to actually trust self signed certificate by providing a means to verify the "trustworthiness" of the certificate.
[QUOTE=Falchion;41590044]whoa watch your language[/QUOTE]
yeah man
i just had to explain your language to my goddamn kids
Why does such a thing as a master key exist in the first place? It literally asks for shit like this to happen.
derp
[QUOTE=DrDevil;41596946]Why does such a thing as a master key exist in the first place? It literally asks for shit like this to happen.[/QUOTE]
They don't exist, the article/thread doesn't make it clear that this is a per-site thing.
I hope the NSA step on a lego
[QUOTE=TheDecryptor;41586288]There's no need for a new protocol (Well, there is, TLS 1.1/1.2 is really needed), there aren't "master encryption keys" for TLS or something, it's on a per site basis.
If the NSA gets the encryption keys for site1.com, they can't decrypt the traffic for site2.com, etc.[/QUOTE]
I was wondering about that when I was reading the title.
It's like asking for a single key to every single car on the road.
[QUOTE=Thlis;41597606]I was wondering about that when I was reading the title.
It's like asking for a single key to every single car on the road.[/QUOTE]
I thought auto makers [I]did[/I] make master keys of a sort.
I knew a tow truck driver that had a really nice set of keys and picks that would allow him to open almost any car door.
But he was also a shady guy and may have told me a story to make his thieves tools seem legit.
[QUOTE=Nak;41588161]They have access to your informations on Google, Facebook, Apple-stuff, reading your emails/data from your ISP, precise location for any IP, spying you on skype or using your xbox one-camera. And now they want the ssl-keys?
Not surprised if we'll see this in a few years
[t]http://images4.wikia.nocookie.net/__cb20090527041738/half-life/en/images/c/c3/City_Scanner_model.jpg[/t][/QUOTE]
Why bother, when they have these: [url]http://www.youtube.com/watch?v=QGxNyaXfJsA[/url]
"Land of the free"
[QUOTE=Mega1mpact;41599128]"Land of the free"[/QUOTE]
"and the brave"
[QUOTE=Disotrtion;41583846]There are legal channels the FBI and NSA can go through. They don't need encryption keys.[/QUOTE]
What are you, a terrorist?
Sorry, you need to Log In to post a reply to this thread.