[VOIPSEC] Governments employing MiTM attacks against SSL
Ronald del Rosario
rrosario at five9.com
Mon Apr 12 20:55:10 CDT 2010
VoIPSA readers,
I would like to get your opinion regarding Christopher Soghoian and Sid
Stamm's recently release Proof of Concept (PoC) paper "Certified Lies:
Detecting and Defeating Government Interception Attacks Against SSL
<http://files.cloudprivacy.net/ssl-mitm.pdf> ".
I understand CALEA, but when a government can easily fool an end-user by
employing a MiTM method and present a fake signed Digital Certificate
for its own purpose, how can we accelerate the adoption of Cloud
Computing and VoIP in the industry and build trust when more and more
news describing how flawed the underlying technology designed to protect
their transaction is being bypassed?
Thanks,
Ronald F. del Rosario
More information about the Voipsec
mailing list